Posted to commits@dubbo.apache.org by ra...@apache.org on 2021/09/22 08:48:32 UTC
[dubbo-admin] branch develop updated: For #756 (#815)
This is an automated email from the ASF dual-hosted git repository.
ranke pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/dubbo-admin.git
The following commit(s) were added to refs/heads/develop by this push:
new 888863a For #756 (#815)
888863a is described below
commit 888863a2594b1d70d5759c09f275e5e56326fa44
Author: Aaron-boom <55...@users.noreply.github.com>
AuthorDate: Wed Sep 22 16:48:22 2021 +0800
For #756 (#815)
* For #756
---
.../authentication/InterceptorAuthentication.java | 34 +++++++++++++++
.../impl/DefaultPreHandle.java} | 32 ++++++--------
.../dubbo/admin/interceptor/AuthInterceptor.java | 49 +++++++---------------
....admin.authentication.InterceptorAuthentication | 1 +
4 files changed, 63 insertions(+), 53 deletions(-)
diff --git a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/InterceptorAuthentication.java b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/InterceptorAuthentication.java
new file mode 100644
index 0000000..bb468c0
--- /dev/null
+++ b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/InterceptorAuthentication.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.dubbo.admin.authentication;
+
+import org.apache.dubbo.common.extension.SPI;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Permission interception validation
+ *
+ */
+@SPI
+public interface InterceptorAuthentication {
+
+ boolean authentication(HttpServletRequest request, HttpServletResponse response, Object handler);
+
+}
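Review bot: The contract of this SPI is undocumented: the interface Javadoc says only "Permission interception validation" and `authentication(...)` has no comment at all. Since every implementation decides whether a request is admitted, the method should state what the return value means and who sets the response status on rejection, e.g. `/** Returns true to let the request proceed; returns false to reject it, after setting the response status. */`. It is also worth stating that `handler` is only a `HandlerMethod` when the caller has checked it, because the default implementation in this commit casts it without a check.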
diff --git a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/impl/DefaultPreHandle.java
similarity index 75%
copy from dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java
copy to dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/impl/DefaultPreHandle.java
index ecc6e57..5ee83c7 100644
--- a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java
+++ b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/impl/DefaultPreHandle.java
@@ -14,37 +14,33 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.dubbo.admin.interceptor;
+
+package org.apache.dubbo.admin.authentication.impl;
import org.apache.dubbo.admin.annotation.Authority;
+import org.apache.dubbo.admin.authentication.InterceptorAuthentication;
import org.apache.dubbo.admin.controller.UserController;
+import org.apache.dubbo.admin.interceptor.AuthInterceptor;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpStatus;
-import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.validation.constraints.NotNull;
import java.lang.reflect.Method;
-@Component
-public class AuthInterceptor extends HandlerInterceptorAdapter {
- @Value("${admin.check.authority:true}")
- private boolean checkAuthority;
-
+
+public class DefaultPreHandle implements InterceptorAuthentication {
//make session timeout configurable
//default to be an hour:1000 * 60 * 60
@Value("${admin.check.sessionTimeoutMilli:3600000}")
private long sessionTimeoutMilli;
+
+ private AuthInterceptor authInterceptor = new AuthInterceptor();
+
@Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- if (!(handler instanceof HandlerMethod) || !checkAuthority) {
- return true;
- }
+ public boolean authentication(HttpServletRequest request, HttpServletResponse response, Object handler) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
Authority authority = method.getDeclaredAnnotation(Authority.class);
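Review bot: `sessionTimeoutMilli` keeps its `@Value` annotation, but `DefaultPreHandle` is no longer a Spring `@Component` and, per the AuthInterceptor hunk of this commit, is instantiated through Dubbo's `ExtensionLoader`, so Spring presumably never injects the property and the field stays at 0. If the session-age comparison from the old `preHandle` is carried over unchanged in the part of the file outside this hunk, a zero timeout would reject almost every authenticated request and `admin.check.sessionTimeoutMilli` would be silently ignored. At minimum give the field its documented default, `private long sessionTimeoutMilli = 3600000L;`, and obtain the configured value from the Spring context rather than relying on field injection. Separately, `(HandlerMethod) handler` now depends on the caller's `instanceof` check, so a different caller of this SPI would get a `ClassCastException`. The body of `authentication` continues outside the hunk.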
@@ -59,7 +55,7 @@ public class AuthInterceptor extends HandlerInterceptorAdapter {
if (StringUtils.isEmpty(authorization)) {
//While authentication is required and 'Authorization' string is missing in the request headers,
//reject this request(http403).
- rejectedResponse(response);
+ authInterceptor.rejectedResponse(response);
return false;
}
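Review bot: `rejectedResponse` is a static method (made `public static` in the AuthInterceptor hunk) but is called through an instance here and again in the next hunk, which is the only reason the class holds a `new AuthInterceptor()` field. Calling it as `AuthInterceptor.rejectedResponse(response);` lets that field be dropped and avoids constructing a Spring interceptor outside the container. The comments beside both calls say http403, while `rejectedResponse` sets `HttpStatus.UNAUTHORIZED`, so they should read `reject this request(http401)`. The enclosing method starts and ends outside this hunk.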
@@ -70,14 +66,10 @@ public class AuthInterceptor extends HandlerInterceptorAdapter {
}
//while user not found, or session timeout, reject this request(http403).
- rejectedResponse(response);
+ authInterceptor.rejectedResponse(response);
return false;
} else {
return true;
}
}
-
- private static void rejectedResponse(@NotNull HttpServletResponse response) {
- response.setStatus(HttpStatus.UNAUTHORIZED.value());
- }
}
diff --git a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java
index ecc6e57..a45de4e 100644
--- a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java
+++ b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/interceptor/AuthInterceptor.java
@@ -16,20 +16,20 @@
*/
package org.apache.dubbo.admin.interceptor;
-import org.apache.dubbo.admin.annotation.Authority;
-import org.apache.dubbo.admin.controller.UserController;
+import org.apache.dubbo.admin.authentication.InterceptorAuthentication;
+import org.apache.dubbo.common.extension.ExtensionLoader;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
-import java.lang.reflect.Method;
+import java.util.Iterator;
+import java.util.Set;
@Component
public class AuthInterceptor extends HandlerInterceptorAdapter {
@@ -45,39 +45,22 @@ public class AuthInterceptor extends HandlerInterceptorAdapter {
if (!(handler instanceof HandlerMethod) || !checkAuthority) {
return true;
}
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- Method method = handlerMethod.getMethod();
- Authority authority = method.getDeclaredAnnotation(Authority.class);
- if (null == authority) {
- authority = method.getDeclaringClass().getDeclaredAnnotation(Authority.class);
- }
-
- String authorization = request.getHeader("Authorization");
- if (null != authority && authority.needLogin()) {
- //check if 'authorization' is empty to prevent NullPointException
- //since UserController.tokenMap is an instance of ConcurrentHashMap.
- if (StringUtils.isEmpty(authorization)) {
- //While authentication is required and 'Authorization' string is missing in the request headers,
- //reject this request(http403).
- rejectedResponse(response);
- return false;
- }
-
- UserController.User user = UserController.tokenMap.get(authorization);
- if (null != user && System.currentTimeMillis() - user.getLastUpdateTime() <= sessionTimeoutMilli) {
- user.setLastUpdateTime(System.currentTimeMillis());
- return true;
+ ExtensionLoader<InterceptorAuthentication> extensionLoader = ExtensionLoader.getExtensionLoader(InterceptorAuthentication.class);
+ Set<InterceptorAuthentication> supportedExtensionInstances = extensionLoader.getSupportedExtensionInstances();
+ Iterator<InterceptorAuthentication> iterator = supportedExtensionInstances.iterator();
+ boolean flag = true;
+ while (iterator.hasNext()) {
+ InterceptorAuthentication interceptorAuthentication = iterator.next();
+ boolean b = interceptorAuthentication.authentication(request, response, handler);
+ flag = b & flag;
+ if (flag == false) {
+ break;
}
-
- //while user not found, or session timeout, reject this request(http403).
- rejectedResponse(response);
- return false;
- } else {
- return true;
}
+ return flag;
}
- private static void rejectedResponse(@NotNull HttpServletResponse response) {
+ public static void rejectedResponse(@NotNull HttpServletResponse response) {
response.setStatus(HttpStatus.UNAUTHORIZED.value());
}
}
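Review bot: The loop starts from `boolean flag = true`, so when `getSupportedExtensionInstances()` yields an empty set (for example if the SPI descriptor is not on the classpath) `preHandle` returns true and every handler that previously required a login is served without a token check. An authentication gate should fail closed, rejecting the request when no authenticator is loaded. The version below does that and replaces the `b & flag` / `flag == false` bookkeeping with an early return, which also makes the `Iterator` import unnecessary. The signature of `preHandle` is outside the hunk.

```java
// … unchanged: HandlerMethod / checkAuthority guard …
Set<InterceptorAuthentication> authenticators =
        ExtensionLoader.getExtensionLoader(InterceptorAuthentication.class).getSupportedExtensionInstances();
if (authenticators.isEmpty()) {
    // No authenticator loaded: fail closed rather than admit the request.
    rejectedResponse(response);
    return false;
}
for (InterceptorAuthentication authenticator : authenticators) {
    if (!authenticator.authentication(request, response, handler)) {
        return false;
    }
}
return true;
```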
diff --git a/dubbo-admin-server/src/main/resources/META-INF/dubbo/internal/org.apache.dubbo.admin.authentication.InterceptorAuthentication b/dubbo-admin-server/src/main/resources/META-INF/dubbo/internal/org.apache.dubbo.admin.authentication.InterceptorAuthentication
new file mode 100644
index 0000000..ef91a43
--- /dev/null
+++ b/dubbo-admin-server/src/main/resources/META-INF/dubbo/internal/org.apache.dubbo.admin.authentication.InterceptorAuthentication
@@ -0,0 +1 @@
+defaultHandle=org.apache.dubbo.admin.authentication.impl.DefaultPreHandle
\ No newline at end of file