deason пре 6 година
родитељ
комит
c07af79049

+ 75 - 9
examcloud-core-questions-starter/src/main/java/cn/com/qmth/examcloud/core/questions/starter/config/ExamCloudResourceManager.java

@@ -1,27 +1,43 @@
 /*
  * *************************************************
  * Copyright (c) 2019 QMTH. All Rights Reserved.
- * Created by Deason on 2019-05-06 16:15:50.
+ * Created by Deason on 2019-05-07 11:02:18.
  * *************************************************
  */
 
 package cn.com.qmth.examcloud.core.questions.starter.config;
 
 import cn.com.qmth.examcloud.api.commons.security.bean.AccessApp;
+import cn.com.qmth.examcloud.api.commons.security.bean.Role;
 import cn.com.qmth.examcloud.api.commons.security.bean.User;
+import cn.com.qmth.examcloud.api.commons.security.bean.UserType;
+import cn.com.qmth.examcloud.api.commons.security.enums.RoleMeta;
+import cn.com.qmth.examcloud.commons.util.PathUtil;
+import cn.com.qmth.examcloud.commons.util.PropertiesUtil;
+import cn.com.qmth.examcloud.commons.util.RegExpUtil;
 import cn.com.qmth.examcloud.support.cache.CacheHelper;
 import cn.com.qmth.examcloud.support.cache.bean.AppCacheBean;
 import cn.com.qmth.examcloud.web.redis.RedisClient;
 import cn.com.qmth.examcloud.web.security.ResourceManager;
 import cn.com.qmth.examcloud.web.support.ApiInfo;
+import com.google.common.collect.Sets;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import java.util.List;
+import java.util.Set;
+
 @Component
 public class ExamCloudResourceManager implements ResourceManager {
     @Autowired
     private RedisClient redisClient;
 
+    static {
+        PropertiesUtil.configure(PathUtil.getResoucePath("security.properties"));
+    }
+
     @Override
     public AccessApp getAccessApp(Long appId) {
         AppCacheBean appCacheBean = CacheHelper.getApp(appId);
@@ -40,14 +56,12 @@ public class ExamCloudResourceManager implements ResourceManager {
             return true;
         }
 
-        if (null != apiInfo) {
-            Integer id = apiInfo.getId();
+        if (mapping.matches(".*swagger.*")) {
+            return true;
+        }
 
-            if (null != id) {
-                if (id.equals(103)) {
-                    return true;
-                }
-            } else {
+        if (null != apiInfo) {
+            if (apiInfo.isNaked()) {
                 return true;
             }
         }
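Review bot: The new `mapping.matches(".*swagger.*")` check exempts from authentication every mapping that merely contains the substring `swagger`, not only the documentation endpoints. The same unanchored pattern is kept as `regexp:.*swagger.*` in security-exclusions.conf, while the exact Swagger entries are deleted there. Any application route whose mapping contains that word would be treated as naked, and whether `mapping` is the handler pattern or the raw request path is not visible in this hunk. Prefer an explicit allowlist of the documentation paths held in a new constant set, e.g. `if (SWAGGER_PATHS.contains(mapping)) { return true; }`, which also avoids recompiling the regex on every call. The enclosing method begins before this hunk.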
@@ -57,7 +71,59 @@ public class ExamCloudResourceManager implements ResourceManager {
 
     @Override
     public boolean hasPermission(User user, ApiInfo apiInfo, String mapping) {
-        return true;
+
+        // 学生鉴权
+        if (user.getUserType().equals(UserType.STUDENT)) {
+            String key = "[s]" + mapping;
+            return PropertiesUtil.getBoolean(key, false);
+        }
+
+        List<Role> roleList = user.getRoleList();
+
+        if (CollectionUtils.isEmpty(roleList)) {
+            return false;
+        }
+
+        for (Role role : roleList) {
+            if (role.getRoleCode().equals(RoleMeta.SUPER_ADMIN.name())) {
+                return true;
+            }
+        }
+
+        // 权限组集合
+        String privilegeGroups = PropertiesUtil.getString(mapping);
+        if (StringUtils.isBlank(privilegeGroups)) {
+            return true;
+        }
+
+        // 用户权限集合
+        Set<String> rolePrivilegeList = Sets.newHashSet();
+        Long rootOrgId = user.getRootOrgId();
+        for (Role role : roleList) {
+            String key = "$_P_" + rootOrgId + "_" + role.getRoleId();
+            String rolePrivileges = redisClient.get(key, String.class);
+
+            List<String> rpList = RegExpUtil.findAll(rolePrivileges, "\\w+");
+            rolePrivilegeList.addAll(rpList);
+        }
+
+        List<String> privilegeGroupList = RegExpUtil.findAll(privilegeGroups, "[^\\;]+");
+
+        for (String pg : privilegeGroupList) {
+            pg = pg.trim();
+            if (StringUtils.isBlank(pg)) {
+                continue;
+            }
+
+            List<String> pList = RegExpUtil.findAll(pg, "[^\\,]+");
+            if (rolePrivilegeList.containsAll(pList)) {
+                return true;
+            } else {
+                continue;
+            }
+        }
+
+        return false;
     }
 
 }
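Review bot: hasPermission fails open for any mapping that has no entry in security.properties: when `PropertiesUtil.getString(mapping)` is blank the method returns true, so every non-student user with at least one role reaches any endpoint that was never listed. A properties file that fails to load in the new static initializer would presumably have the same effect. Deny by default with `if (StringUtils.isBlank(privilegeGroups)) { return false; }` and list open endpoints explicitly, or add a comment stating that default-allow is intended. In the group loop, a group such as `,` is not blank but likely yields an empty `pList`, and `containsAll` of an empty list is true, so guard it with `if (!pList.isEmpty() && rolePrivilegeList.containsAll(pList))`. `user.getUserType().equals(UserType.STUDENT)` and `role.getRoleCode().equals(...)` throw on a null field, which `UserType.STUDENT.equals(user.getUserType())` avoids; separately, the `redisClient.get` result reaches `RegExpUtil.findAll` without a null check, and that helper's handling of null is not visible here.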

+ 7 - 6
examcloud-core-questions-starter/src/main/java/cn/com/qmth/examcloud/core/questions/starter/config/ExamCloudWebMvcConfigurer.java

@@ -1,7 +1,7 @@
 /*
  * *************************************************
  * Copyright (c) 2019 QMTH. All Rights Reserved.
- * Created by Deason on 2019-05-06 16:15:50.
+ * Created by Deason on 2019-05-07 11:02:18.
  * *************************************************
  */
 
@@ -27,12 +27,12 @@ public class ExamCloudWebMvcConfigurer implements WebMvcConfigurer {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        String[] excludes = new String[]{"/", "/doc.html"};
-        registry.addInterceptor(new FirstInterceptor()).addPathPatterns("/api/**").excludePathPatterns(excludes);
-        registry.addInterceptor(new RpcInterceptor(resourceManager)).addPathPatterns("/api/**").excludePathPatterns(excludes);
+        String[] excludes = new String[]{"/", "/error", "/webjars/**", "/doc.html"};
+        registry.addInterceptor(new FirstInterceptor()).addPathPatterns("/**").excludePathPatterns(excludes);
+        registry.addInterceptor(new RpcInterceptor(resourceManager)).addPathPatterns("/**").excludePathPatterns(excludes);
 
         RequestPermissionInterceptor permissionInterceptor = new RequestPermissionInterceptor(resourceManager, redisClient);
-        registry.addInterceptor(permissionInterceptor).addPathPatterns("/api/**").excludePathPatterns(excludes);
+        registry.addInterceptor(permissionInterceptor).addPathPatterns("/**").excludePathPatterns(excludes);
     }
 
     @Override
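Review bot: The `excludes` array is now a third place where paths exempt from the security interceptors are defined, next to security-exclusions.conf and the hard-coded swagger check in ExamCloudResourceManager, and nothing in this hunk ties them together. Because the interceptors now cover `/**` rather than `/api/**`, the three lists have to agree for every path the application serves, not only the API. A comment above the array such as `// Paths skipped by all interceptors; keep in sync with security-exclusions.conf`, or a single shared constant, would make the intent reviewable. It is also worth confirming that `/error` and `/webjars/**` are meant to bypass FirstInterceptor and RpcInterceptor as well as the permission check.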
@@ -40,8 +40,9 @@ public class ExamCloudWebMvcConfigurer implements WebMvcConfigurer {
         registry.addMapping("/**")
                 .allowedOrigins("*")
                 .allowCredentials(false)
-                .allowedMethods("POST")
+                .allowedMethods("*")
                 .maxAge(3600);
+
     }
 
 }
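Review bot: With `.allowedMethods("*")` the CORS mapping on `/**` now permits every HTTP method from every origin (`allowedOrigins("*")`), which is wider than serving documentation pages appears to need. `allowCredentials(false)` keeps cookies out of cross-origin requests, but if the API authenticates with a header token (not visible here) the browser no longer limits which sites may call state-changing methods. Listing the methods the API actually serves, e.g. `.allowedMethods("GET", "POST", "OPTIONS")`, or restricting `allowedOrigins` to the configured front-end hosts would keep the policy tight. The method's signature is outside this hunk.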

+ 2 - 11
examcloud-core-questions-starter/src/main/resources/security-exclusions.conf

@@ -3,19 +3,10 @@ regexp:.*/extractQues/.*
 regexp:.*/ecs_ques/checkObjective/.*
 
 regexp:.*swagger.*
-regexp:.*docs.*
-regexp:.*webjars.*
-
-[][/swagger/ui/index][GET]
-[/swagger-resources][][GET]
-[/swagger-resources][/configuration/ui][GET]
-[/swagger-resources][/configuration/security][GET]
-[][${springfox.documentation.swagger.v2.path:/v2/api-docs}][GET]
 [][/doc.html][GET]
-[][/swagger-ui.html][GET]
-[][/docs.html][GET]
-[${api_cqb}/][/paper/init][GET]
+[][/][GET]
 
+[${api_cqb}/][/paper/init][GET]
 [${api_cqb}/][/paper/{paperId}][GET]
 [${api_cqb}/][/questionAudio/{questionAudioId}][GET]
 [${api_cqb}/][/extract/getAnswerHtml/{paperId}][GET]

+ 0 - 0
examcloud-core-questions-starter/src/main/resources/security-mapping.properties → examcloud-core-questions-starter/src/main/resources/security.properties