feat: Added authentication mode on the server side (opengoofy#772)

jianlai5 · Oct 9, 2022 · 241a8b7 · 241a8b7
1 parent 5c79c8f
commit 241a8b7
Show file tree

Hide file tree

Showing 7 changed files with 54 additions and 16 deletions.
diff --git a/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java b/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java
@@ -22,6 +22,7 @@
 import cn.hippo4j.auth.filter.JWTAuthorizationFilter;
 import cn.hippo4j.auth.security.JwtTokenManager;
 import cn.hippo4j.auth.service.impl.UserDetailsServiceImpl;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -50,6 +51,9 @@
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
 
+    @Value("${hippo4j.core.auth.enabled:true}")
+    private Boolean enableAuthentication;
+
     @Resource
     private UserDetailsService userDetailsService;
 
@@ -93,16 +97,23 @@ protected void configure(HttpSecurity http) throws Exception {
                 .authorizeRequests()
                 .antMatchers("/static/**", "/index.html", "/favicon.ico", "/avatar.jpg").permitAll()
                 .antMatchers("/doc.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs").anonymous()
-                .anyRequest().authenticated()
                 .and()
                 .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                 .addFilter(new JWTAuthorizationFilter(tokenManager, authenticationManager()))
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        disableAuthenticationIfNeeded(http);
+        http.authorizeRequests().anyRequest().authenticated();
     }
 
     @Override
     public void configure(WebSecurity web) throws Exception {
         String[] ignores = Stream.of("/hippo4j/v1/cs/auth/users/apply/token/**").toArray(String[]::new);
         web.ignoring().antMatchers(ignores);
     }
+
+    private void disableAuthenticationIfNeeded(HttpSecurity http) throws Exception {
+        if (Boolean.FALSE.equals(enableAuthentication)) {
+            http.authorizeRequests().antMatchers("/hippo4j/v1/cs/**").permitAll();
+        }
+    }
 }
diff --git a/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java b/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java
@@ -68,6 +68,7 @@ public Authentication attemptAuthentication(HttpServletRequest request,
         Authentication authenticate = null;
         try {
             LoginUser loginUser = new ObjectMapper().readValue(request.getInputStream(), LoginUser.class);
+            request.setAttribute("loginUser", loginUser);
             rememberMe.set(loginUser.getRememberMe());
             authenticate = authenticationManager.authenticate(
                     new UsernamePasswordAuthenticationToken(loginUser.getUsername(), loginUser.getPassword(), new ArrayList()));

diff --git a/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java b/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java
@@ -20,14 +20,21 @@
 import cn.hippo4j.auth.mapper.UserMapper;
 import cn.hippo4j.auth.model.UserInfo;
 import cn.hippo4j.auth.model.biz.user.JwtUser;
+import cn.hippo4j.auth.model.biz.user.LoginUser;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 import java.util.Collections;
 import java.util.Objects;
 import java.util.Set;
@@ -38,11 +45,18 @@
 @Slf4j
 public class UserDetailsServiceImpl implements UserDetailsService {
 
+    @Value("${hippo4j.core.auth.enabled:true}")
+    private Boolean enableAuthentication;
+
     @Resource
     private UserMapper userMapper;
 
     @Override
     public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
+        JwtUser anonymous = dealWithAnonymous();
+        if (!Objects.isNull(anonymous)) {
+            return anonymous;
+        }
         UserInfo userInfo = userMapper.selectOne(Wrappers.lambdaQuery(UserInfo.class).eq(UserInfo::getUserName, userName));
         if (Objects.isNull(userInfo)) {
             log.warn("User {} not found", userName);
@@ -56,4 +70,27 @@ public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundEx
         jwtUser.setAuthorities(authorities);
         return jwtUser;
     }
+
+    private JwtUser dealWithAnonymous() {
+        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+        if (requestAttributes == null) {
+            return null;
+        }
+        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+        LoginUser loginUser = (LoginUser) request.getAttribute("loginUser");
+        if (Objects.isNull(loginUser)) {
+            return null;
+        }
+        if (Boolean.FALSE.equals(enableAuthentication)) {
+            JwtUser jwtUser = new JwtUser();
+            BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
+            jwtUser.setId(1L);
+            jwtUser.setUsername("anonymous");
+            jwtUser.setPassword(bCryptPasswordEncoder.encode(loginUser.getPassword()));
+            Set<SimpleGrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN"));
+            jwtUser.setAuthorities(authorities);
+            return jwtUser;
+        }
+        return null;
+    }
 }
diff --git a/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java b/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java
@@ -42,18 +42,6 @@ public BeforeCheckConfiguration.BeforeCheck dynamicThreadPoolBeforeCheckBean(@Au
                                                                                  ConfigurableEnvironment environment) {
         boolean checkFlag = properties != null && Objects.equals(bootstrapPropertiesClassName, properties.getClass().getName()) && properties.getEnable();
         if (checkFlag) {
-            String username = properties.getUsername();
-            if (StringUtil.isBlank(username)) {
-                throw new ConfigEmptyException(
-                        "Web server failed to start. The dynamic thread pool username is empty.",
-                        "Please check whether the [spring.dynamic.thread-pool.username] configuration is empty or an empty string.");
-            }
-            String password = properties.getPassword();
-            if (StringUtil.isBlank(password)) {
-                throw new ConfigEmptyException(
-                        "Web server failed to start. The dynamic thread pool password is empty.",
-                        "Please check whether the [spring.dynamic.thread-pool.password] configuration is empty or an empty string.");
-            }
             String namespace = properties.getNamespace();
             if (StringUtil.isBlank(namespace)) {
                 throw new ConfigEmptyException(

diff --git a/...o4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties b/...o4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties
@@ -15,8 +15,8 @@ spring.dynamic.thread-pool.server-addr=http://localhost:6691
 # spring.dynamic.thread-pool.netty-server-port=8899
 spring.dynamic.thread-pool.namespace=prescription
 spring.dynamic.thread-pool.item-id=dynamic-threadpool-example
-spring.dynamic.thread-pool.username=admin
-spring.dynamic.thread-pool.password=123456
+#spring.dynamic.thread-pool.username=admin
+#spring.dynamic.thread-pool.password=123456
 
 # Enable server and micrometer monitoring at the same time
 spring.dynamic.thread-pool.collect-type=server,micrometer
diff --git a/hippo4j-server/src/main/resources/application.properties b/hippo4j-server/src/main/resources/application.properties
@@ -20,6 +20,7 @@ tenant=hippo4j
 ### Regularly clean up the historical running data of thread pool. unit: minute.
 hippo4j.core.clean-history-data-period=30
 hippo4j.core.clean-history-data-enable=true
+hippo4j.core.auth.enabled=false
 
 ### Initialize the database dialect class.
 hippo4j.database.dialect=mysql

diff --git a/...-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java b/...-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java
@@ -44,7 +44,7 @@ protected boolean sendHealthCheck() {
                 healthStatus = true;
             }
         } catch (Throwable ex) {
-            log.error("Failed to periodically check the health status of the server.", ex.getMessage());
+            log.error("Failed to periodically check the health status of the server. message: {}", ex.getMessage());
         }
         return healthStatus;
     }