feat: Added authentication mode on the server side (#772)

2 years ago · 241a8b79fa
parent 5c79c8f72c
commit 241a8b79fa
7 changed files with 54 additions and 16 deletions
--- a/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java
+++ b/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java
@ -22,6 +22,7 @@ import cn.hippo4j.auth.filter.JWTAuthenticationFilter;
 import cn.hippo4j.auth.filter.JWTAuthorizationFilter;
 import cn.hippo4j.auth.security.JwtTokenManager;
 import cn.hippo4j.auth.service.impl.UserDetailsServiceImpl;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@ -50,6 +51,9 @@ import java.util.stream.Stream;
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {

+    @Value("${hippo4j.core.auth.enabled:true}")
+    private Boolean enableAuthentication;
+
    @Resource
    private UserDetailsService userDetailsService;

@ -93,11 +97,12 @@ public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
                .authorizeRequests()
                .antMatchers("/static/**", "/index.html", "/favicon.ico", "/avatar.jpg").permitAll()
                .antMatchers("/doc.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs").anonymous()
-                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(tokenManager, authenticationManager()))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        disableAuthenticationIfNeeded(http);
+        http.authorizeRequests().anyRequest().authenticated();
    }

    @Override
@ -105,4 +110,10 @@ public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
        String[] ignores = Stream.of("/hippo4j/v1/cs/auth/users/apply/token/**").toArray(String[]::new);
        web.ignoring().antMatchers(ignores);
    }
+
+    private void disableAuthenticationIfNeeded(HttpSecurity http) throws Exception {
+        if (Boolean.FALSE.equals(enableAuthentication)) {
+            http.authorizeRequests().antMatchers("/hippo4j/v1/cs/**").permitAll();
+        }
+    }
 }
--- a/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java
+++ b/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java
@ -68,6 +68,7 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
        Authentication authenticate = null;
        try {
            LoginUser loginUser = new ObjectMapper().readValue(request.getInputStream(), LoginUser.class);
+            request.setAttribute("loginUser", loginUser);
            rememberMe.set(loginUser.getRememberMe());
            authenticate = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(loginUser.getUsername(), loginUser.getPassword(), new ArrayList()));
--- a/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java
+++ b/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java
@ -20,14 +20,21 @@ package cn.hippo4j.auth.service.impl;
 import cn.hippo4j.auth.mapper.UserMapper;
 import cn.hippo4j.auth.model.UserInfo;
 import cn.hippo4j.auth.model.biz.user.JwtUser;
+import cn.hippo4j.auth.model.biz.user.LoginUser;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;

 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 import java.util.Collections;
 import java.util.Objects;
 import java.util.Set;
@ -38,11 +45,18 @@ import java.util.Set;
@Slf4j
 public class UserDetailsServiceImpl implements UserDetailsService {

+    @Value("${hippo4j.core.auth.enabled:true}")
+    private Boolean enableAuthentication;
+
    @Resource
    private UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
+        JwtUser anonymous = dealWithAnonymous();
+        if (!Objects.isNull(anonymous)) {
+            return anonymous;
+        }
        UserInfo userInfo = userMapper.selectOne(Wrappers.lambdaQuery(UserInfo.class).eq(UserInfo::getUserName, userName));
        if (Objects.isNull(userInfo)) {
            log.warn("User {} not found", userName);
@ -56,4 +70,27 @@ public class UserDetailsServiceImpl implements UserDetailsService {
        jwtUser.setAuthorities(authorities);
        return jwtUser;
    }
+
+    private JwtUser dealWithAnonymous() {
+        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+        if (requestAttributes == null) {
+            return null;
+        }
+        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+        LoginUser loginUser = (LoginUser) request.getAttribute("loginUser");
+        if (Objects.isNull(loginUser)) {
+            return null;
+        }
+        if (Boolean.FALSE.equals(enableAuthentication)) {
+            JwtUser jwtUser = new JwtUser();
+            BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
+            jwtUser.setId(1L);
+            jwtUser.setUsername("anonymous");
+            jwtUser.setPassword(bCryptPasswordEncoder.encode(loginUser.getPassword()));
+            Set<SimpleGrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN"));
+            jwtUser.setAuthorities(authorities);
+            return jwtUser;
+        }
+        return null;
+    }
 }
--- a/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java
+++ b/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java
@ -42,18 +42,6 @@ public class BeforeCheckConfiguration {
                                                                                 ConfigurableEnvironment environment) {
        boolean checkFlag = properties != null && Objects.equals(bootstrapPropertiesClassName, properties.getClass().getName()) && properties.getEnable();
        if (checkFlag) {
-            String username = properties.getUsername();
-            if (StringUtil.isBlank(username)) {
-                throw new ConfigEmptyException(
-                        "Web server failed to start. The dynamic thread pool username is empty.",
-                        "Please check whether the [spring.dynamic.thread-pool.username] configuration is empty or an empty string.");
-            }
-            String password = properties.getPassword();
-            if (StringUtil.isBlank(password)) {
-                throw new ConfigEmptyException(
-                        "Web server failed to start. The dynamic thread pool password is empty.",
-                        "Please check whether the [spring.dynamic.thread-pool.password] configuration is empty or an empty string.");
-            }
            String namespace = properties.getNamespace();
            if (StringUtil.isBlank(namespace)) {
                throw new ConfigEmptyException(
--- a/hippo4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties
+++ b/hippo4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties
@ -15,8 +15,8 @@ spring.dynamic.thread-pool.server-addr=http://localhost:6691
 # spring.dynamic.thread-pool.netty-server-port=8899
 spring.dynamic.thread-pool.namespace=prescription
 spring.dynamic.thread-pool.item-id=dynamic-threadpool-example
-spring.dynamic.thread-pool.username=admin
-spring.dynamic.thread-pool.password=123456
+#spring.dynamic.thread-pool.username=admin
+#spring.dynamic.thread-pool.password=123456

 # Enable server and micrometer monitoring at the same time
 spring.dynamic.thread-pool.collect-type=server,micrometer
--- a/hippo4j-server/src/main/resources/application.properties
+++ b/hippo4j-server/src/main/resources/application.properties
@ -20,6 +20,7 @@ tenant=hippo4j
 ### Regularly clean up the historical running data of thread pool. unit: minute.
 hippo4j.core.clean-history-data-period=30
 hippo4j.core.clean-history-data-enable=true
+hippo4j.core.auth.enabled=false

 ### Initialize the database dialect class.
 hippo4j.database.dialect=mysql
--- a/hippo4j-spring-boot/hippo4j-spring-boot-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java
+++ b/hippo4j-spring-boot/hippo4j-spring-boot-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java
@ -44,7 +44,7 @@ public class HttpScheduledHealthCheck extends AbstractHealthCheck {
                healthStatus = true;
            }
        } catch (Throwable ex) {
-            log.error("Failed to periodically check the health status of the server.", ex.getMessage());
+            log.error("Failed to periodically check the health status of the server. message: {}", ex.getMessage());
        }
        return healthStatus;
    }