diff --git a/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java b/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java index 2bfc097aa2..f3f0d9eaa8 100644 --- a/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java +++ b/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java @@ -22,6 +22,7 @@ import cn.hippo4j.auth.filter.JWTAuthorizationFilter; import cn.hippo4j.auth.security.JwtTokenManager; import cn.hippo4j.auth.service.impl.UserDetailsServiceImpl; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; @@ -50,6 +51,9 @@ @EnableGlobalMethodSecurity(prePostEnabled = true) public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter { + @Value("${hippo4j.core.auth.enabled:true}") + private Boolean enableAuthentication; + @Resource private UserDetailsService userDetailsService; @@ -93,11 +97,12 @@ protected void configure(HttpSecurity http) throws Exception { .authorizeRequests() .antMatchers("/static/**", "/index.html", "/favicon.ico", "/avatar.jpg").permitAll() .antMatchers("/doc.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs").anonymous() - .anyRequest().authenticated() .and() .addFilter(new JWTAuthenticationFilter(authenticationManager())) .addFilter(new JWTAuthorizationFilter(tokenManager, authenticationManager())) .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); + disableAuthenticationIfNeeded(http); + http.authorizeRequests().anyRequest().authenticated(); } @Override 
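Review bot: The `enableAuthentication` field added above `userDetailsService` switches authentication for the whole console, yet it has no comment, and the same key and default are repeated in UserDetailsServiceImpl (later hunk). I would add `// Fail-closed switch: authentication stays on unless hippo4j.core.auth.enabled is explicitly false.` above the field. I would also keep the key `hippo4j.core.auth.enabled` in one shared constant so the two beans cannot drift apart.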
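Review bot: The two statements appended after the filter chain in `configure` depend on their order, and nothing in the code says so. `disableAuthenticationIfNeeded(http)` has to register its `permitAll` matcher before `anyRequest().authenticated()`, because matchers are evaluated in registration order and `anyRequest()` has to come last. A comment such as `// Keep before anyRequest(): the optional permitAll for /hippo4j/v1/cs/** must be registered first.` would stop a later refactor from swapping them. Both JWT filters are still added when the flag is off, so a request that carries a token is presumably still processed by JWTAuthorizationFilter; please confirm that is intended. `configure` starts before this hunk.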
@@ -105,4 +110,10 @@ public void configure(WebSecurity web) throws Exception { String[] ignores = Stream.of("/hippo4j/v1/cs/auth/users/apply/token/**").toArray(String[]::new); web.ignoring().antMatchers(ignores); } + + private void disableAuthenticationIfNeeded(HttpSecurity http) throws Exception { + if (Boolean.FALSE.equals(enableAuthentication)) { + http.authorizeRequests().antMatchers("/hippo4j/v1/cs/**").permitAll(); + } + } } diff --git a/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java b/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java index 0f93e91860..8711e89b4b 100644 --- a/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java +++ b/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java @@ -68,6 +68,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, Authentication authenticate = null; try { LoginUser loginUser = new ObjectMapper().readValue(request.getInputStream(), LoginUser.class); + request.setAttribute("loginUser", loginUser); rememberMe.set(loginUser.getRememberMe()); authenticate = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken(loginUser.getUsername(), loginUser.getPassword(), new ArrayList())); diff --git a/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java b/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java index 19688fd1e8..da6d359b79 100644 --- a/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java +++ b/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java 
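Review bot: `disableAuthenticationIfNeeded` opens every path under `/hippo4j/v1/cs/**` without leaving any trace, so an operator cannot tell from the logs that the server is running unauthenticated. I would log once at WARN inside the `if`, for example `log.warn("hippo4j.core.auth.enabled=false: /hippo4j/v1/cs/** is served without authentication");` (the class's logger is not visible in this diff and may need adding). A short Javadoc should also say that the pattern covers the user endpoints under `/hippo4j/v1/cs/auth/`, which the ignore pattern in the context lines shows live below the same prefix.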
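Review bot: `request.setAttribute("loginUser", loginUser)` in `attemptAuthentication` parks the whole login DTO, plaintext password included, on the request for the rest of its lifetime, where any later filter, error handler or request-dumping logger can read it. UserDetailsServiceImpl (later hunk) only reads it while `authenticationManager.authenticate(...)` runs, so I would clear it right after that call with `request.removeAttribute("loginUser");` in a `finally`. The attribute name should also be a shared constant rather than a literal repeated in both classes. The `try` block continues outside the hunk.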
@@ -20,14 +20,21 @@ import cn.hippo4j.auth.mapper.UserMapper; import cn.hippo4j.auth.model.UserInfo; import cn.hippo4j.auth.model.biz.user.JwtUser; +import cn.hippo4j.auth.model.biz.user.LoginUser; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.web.context.request.RequestAttributes; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; import javax.annotation.Resource; +import javax.servlet.http.HttpServletRequest; import java.util.Collections; import java.util.Objects; import java.util.Set; @@ -38,11 +45,18 @@ @Slf4j public class UserDetailsServiceImpl implements UserDetailsService { + @Value("${hippo4j.core.auth.enabled:true}") + private Boolean enableAuthentication; + @Resource private UserMapper userMapper; @Override public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException { + JwtUser anonymous = dealWithAnonymous(); + if (!Objects.isNull(anonymous)) { + return anonymous; + } UserInfo userInfo = userMapper.selectOne(Wrappers.lambdaQuery(UserInfo.class).eq(UserInfo::getUserName, userName)); if (Objects.isNull(userInfo)) { log.warn("User {} not found", userName); 
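Review bot: In `loadUserByUsername` the new early return ignores `userName` entirely. When `dealWithAnonymous()` (later hunk) yields a user, the `userMapper` lookup is skipped and whatever name was submitted is mapped to the built-in `anonymous` principal with `ROLE_ADMIN`. That happens silently, so I would log it, e.g. `log.warn("Authentication disabled, returning anonymous admin for login name {}", userName);`. It is also worth checking whether a token issued in this mode stays valid after the flag is turned back on; token handling is outside this diff. `!Objects.isNull(anonymous)` reads more plainly as `anonymous != null`, and the method body continues past the hunk.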
@@ -56,4 +70,27 @@ public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundEx jwtUser.setAuthorities(authorities); return jwtUser; } + + private JwtUser dealWithAnonymous() { + RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes(); + if (requestAttributes == null) { + return null; + } + HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest(); + LoginUser loginUser = (LoginUser) request.getAttribute("loginUser"); + if (Objects.isNull(loginUser)) { + return null; + } + if (Boolean.FALSE.equals(enableAuthentication)) { + JwtUser jwtUser = new JwtUser(); + BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); + jwtUser.setId(1L); + jwtUser.setUsername("anonymous"); + jwtUser.setPassword(bCryptPasswordEncoder.encode(loginUser.getPassword())); + Set authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN")); + jwtUser.setAuthorities(authorities); + return jwtUser; + } + return null; + } } diff --git a/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java b/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java index 5a9c64b54e..bbcc377dda 100644 --- a/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java +++ b/hippo4j-core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java 
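Review bot: `dealWithAnonymous` checks the `enableAuthentication` flag last, so with authentication enabled every login still runs the request lookup and the unchecked `(ServletRequestAttributes)` cast before returning null. Putting `if (!Boolean.FALSE.equals(enableAuthentication)) { return null; }` first keeps the normal path independent of this code. In the disabled path a new `BCryptPasswordEncoder` hashes the submitted password on every call, apparently only so that the later comparison succeeds, which costs a bcrypt computation per unauthenticated login request; at minimum a comment should state that intent. `setId(1L)` may coincide with a real account's id (not verifiable from here), and `Set authorities` is a raw type where `Set<SimpleGrantedAuthority>` would do.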
@@ -42,18 +42,6 @@ public BeforeCheckConfiguration.BeforeCheck dynamicThreadPoolBeforeCheckBean(@Au ConfigurableEnvironment environment) { boolean checkFlag = properties != null && Objects.equals(bootstrapPropertiesClassName, properties.getClass().getName()) && properties.getEnable(); if (checkFlag) { - String username = properties.getUsername(); - if (StringUtil.isBlank(username)) { - throw new ConfigEmptyException( - "Web server failed to start. The dynamic thread pool username is empty.", - "Please check whether the [spring.dynamic.thread-pool.username] configuration is empty or an empty string."); - } - String password = properties.getPassword(); - if (StringUtil.isBlank(password)) { - throw new ConfigEmptyException( - "Web server failed to start. The dynamic thread pool password is empty.", - "Please check whether the [spring.dynamic.thread-pool.password] configuration is empty or an empty string."); - } String namespace = properties.getNamespace(); if (StringUtil.isBlank(namespace)) { throw new ConfigEmptyException( diff --git a/hippo4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties b/hippo4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties index 481e87f892..5ec113abb2 100644 --- a/hippo4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties +++ b/hippo4j-example/hippo4j-spring-boot-starter-example/src/main/resources/application.properties 
@@ -15,8 +15,8 @@ spring.dynamic.thread-pool.server-addr=http://localhost:6691 # spring.dynamic.thread-pool.netty-server-port=8899 spring.dynamic.thread-pool.namespace=prescription spring.dynamic.thread-pool.item-id=dynamic-threadpool-example -spring.dynamic.thread-pool.username=admin -spring.dynamic.thread-pool.password=123456 +#spring.dynamic.thread-pool.username=admin +#spring.dynamic.thread-pool.password=123456 # Enable server and micrometer monitoring at the same time spring.dynamic.thread-pool.collect-type=server,micrometer diff --git a/hippo4j-server/src/main/resources/application.properties b/hippo4j-server/src/main/resources/application.properties index b14c92fd8e..eef0f1104a 100644 --- a/hippo4j-server/src/main/resources/application.properties +++ b/hippo4j-server/src/main/resources/application.properties @@ -20,6 +20,7 @@ tenant=hippo4j ### Regularly clean up the historical running data of thread pool. unit: minute. hippo4j.core.clean-history-data-period=30 hippo4j.core.clean-history-data-enable=true +hippo4j.core.auth.enabled=false ### Initialize the database dialect class. hippo4j.database.dialect=mysql diff --git a/hippo4j-spring-boot/hippo4j-spring-boot-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java b/hippo4j-spring-boot/hippo4j-spring-boot-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java index 0b78636303..5b7139d66b 100644 --- a/hippo4j-spring-boot/hippo4j-spring-boot-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java +++ b/hippo4j-spring-boot/hippo4j-spring-boot-starter/src/main/java/cn/hippo4j/springboot/starter/remote/HttpScheduledHealthCheck.java 
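Review bot: The server's packaged `application.properties` now sets `hippo4j.core.auth.enabled=false`, which overrides the `true` default in both `@Value` annotations, so a stock server starts with the console API open. I would ship `hippo4j.core.auth.enabled=true` and leave the opt-out to the deployer. A preceding comment in the file's style would help, e.g. `### Set to false only in trusted, isolated environments: disables console authentication.`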
@@ -44,7 +44,7 @@ protected boolean sendHealthCheck() { healthStatus = true; } } catch (Throwable ex) { - log.error("Failed to periodically check the health status of the server.", ex.getMessage()); + log.error("Failed to periodically check the health status of the server. message: {}", ex.getMessage()); } return healthStatus; }