init commit for spring security integration

2024-11-10 17:13:46 +08:00 · 2015-04-08 11:24:31 +08:00 · 2015-04-08 11:24:31 +08:00 · b6c648b847
commit b6c648b847
parent 964deb5147
9 changed files with 320 additions and 3 deletions
--- a/pom.xml
+++ b/pom.xml
@ -111,6 +111,17 @@
            <version>${spring.version}</version>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
--- a/src/main/java/com/ctrip/zeus/restful/resource/AppResource.java
+++ b/src/main/java/com/ctrip/zeus/restful/resource/AppResource.java
@ -8,6 +8,7 @@ import com.ctrip.zeus.model.transform.DefaultJsonParser;
 import com.ctrip.zeus.model.transform.DefaultSaxParser;
 import com.ctrip.zeus.restful.message.ResponseHandler;
 import com.ctrip.zeus.service.model.AppRepository;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;

 import javax.annotation.Resource;
@ -34,6 +35,7 @@ public class AppResource {

    @GET
    @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+    @PreAuthorize("hasRole('ROLE_DUMMY')")
    public Response list(@Context HttpHeaders hh,
                         @QueryParam("from") long fromId,
                         @QueryParam("maxCount") int maxCount) throws Exception {
--- a/src/main/java/com/ctrip/zeus/restful/resource/StatusResource.java
+++ b/src/main/java/com/ctrip/zeus/restful/resource/StatusResource.java
@ -65,7 +65,6 @@ public class StatusResource {
    @Path("/app/{appName:[a-zA-Z0-9_-]+}")
    @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
    public Response appStatus(@Context HttpHeaders hh, @PathParam("appName") String appName) throws Exception {
-
        List<AppStatus> statusList = appStatusService.getAppStatus(appName);
        AppStatusList result = new AppStatusList();
        for (AppStatus appStatus : statusList) {
@ -83,7 +82,6 @@ public class StatusResource {
    @Path("/app/{appName:[a-zA-Z0-9_-]+}/slb/{slbName:[a-zA-Z0-9_-]+}")
    @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
    public Response appSlbStatus(@Context HttpHeaders hh, @PathParam("appName") String appName, @PathParam("slbName") String slbName) throws Exception {
-
        AppStatus appStatus = appStatusService.getAppStatus(appName, slbName);

        if (MediaType.APPLICATION_XML_TYPE.equals(hh.getMediaType())) {
--- a/src/main/java/com/ctrip/zeus/server/SlbAdminServer.java
+++ b/src/main/java/com/ctrip/zeus/server/SlbAdminServer.java
@ -8,6 +8,7 @@ import org.apache.jasper.servlet.JspServlet;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.servlet.DefaultServlet;
+import org.eclipse.jetty.servlet.FilterHolder;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.servlets.GzipFilter;
@ -16,6 +17,7 @@ import org.glassfish.jersey.servlet.ServletContainer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.context.ContextLoaderListener;
+import org.springframework.web.filter.DelegatingFilterProxy;

 import javax.servlet.DispatcherType;
 import java.io.File;
@ -62,7 +64,7 @@ public class SlbAdminServer extends AbstractServer {
        supportJsp(handler);

        //Support Spring
-        handler.setInitParameter("contextConfigLocation", "classpath*:" + springContextFile.get());
+        handler.setInitParameter("contextConfigLocation", "classpath*:" + springContextFile.get() + ",classpath*:spring-context-security.xml");
        ContextLoaderListener sprintContextListener = new ContextLoaderListener();
        handler.addEventListener(sprintContextListener);

@ -74,6 +76,8 @@ public class SlbAdminServer extends AbstractServer {
        handler.addFilter(GzipFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST))
                .setInitParameter("mimeTypes", "application/json, application/xml,text/xml, text/html");

+        handler.addFilter(new FilterHolder(new DelegatingFilterProxy("springSecurityFilterChain")), "/*", EnumSet.of(DispatcherType.REQUEST));
+
        //Config Servlet
        handler.addServlet(jerseyServletHolder, "/api/*");
        handler.addServlet(staticServletHolder, "/");
--- a/src/main/resources/META-INF/dal/jdbc/core-auth.xml
+++ b/src/main/resources/META-INF/dal/jdbc/core-auth.xml
@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entities do-package="com.ctrip.zeus.dal.core" gen="true" do-class-suffix="Do">
+    <entity name="auth-user-role" table="auth-user-role" alias="aur" do-class="AuthUserRoleDo">
+        <query-defs>
+            <query name="update-by-name" type="UPDATE">
+                <param name="name"/>
+                <statement>
+                    <![CDATA[
+                    UPDATE <TABLE/>
+                    SET <FIELD name='app-id'/> = ${app-id},
+                        version = version + 1,
+                        <FIELD name='last-modified'/> = NOW()
+                    WHERE <FIELD name='name'/> = ${name}
+                    ]]>
+                </statement>
+            </query>
+            <query name="delete-by-name" type="DELETE">
+                <param name="name"/>
+                <statement>
+                    <![CDATA[
+                    DELETE FROM <TABLE/>
+                    WHERE <FIELD name='name'/> = ${name}
+                    ]]>
+                </statement>
+            </query>
+            <query name="find-all" type="SELECT" multiple="true">
+                <statement>
+                    <![CDATA[
+                    SELECT <FIELDS/>
+                    FROM <TABLE/>
+                    ]]>
+                </statement>
+            </query>
+            <query name="find-limit" type="SELECT" multiple="true">
+                <param name="id"/>
+                <param name="max-count"/>
+                <statement>
+                    <![CDATA[
+                    SELECT <FIELDS/>
+                    FROM <TABLE/>
+                        WHERE <FIELD name='id'/> > ${id}
+                        LIMIT ${max-count}
+                    ]]>
+                </statement>
+            </query>
+            <query name="find-by-user-name" type="SELECT" multiple="true">
+                <param name="user-name"/>
+                <statement>
+                    <![CDATA[
+                    SELECT <FIELDS/>
+                    FROM <TABLE/>
+                        WHERE <FIELD name='user-name'/> = ${user-name}
+                    ]]>
+                </statement>
+            </query>
+        </query-defs>
+    </entity>
+
+</entities>
+
--- a/src/main/resources/META-INF/dal/jdbc/core-codegen.xml
+++ b/src/main/resources/META-INF/dal/jdbc/core-codegen.xml
@ -287,6 +287,179 @@
      </query>
    </query-defs>
  </entity>
+  <entity name="auth-resource" table="auth_resource" alias="ar">
+    <member name="id" field="id" value-type="int" length="10" nullable="false" key="true" auto-increment="true" />
+    <member name="resource-name" field="resource_name" value-type="String" length="100" nullable="false" />
+    <member name="resource-type" field="resource_type" value-type="String" length="50" />
+    <member name="description" field="description" value-type="String" length="100" />
+    <var name="key-id" value-type="int" key-member="id" />
+    <primary-key name="PRIMARY" members="id" />
+    <readsets>
+      <readset name="FULL" all="true" />
+    </readsets>
+    <updatesets>
+      <updateset name="FULL" all="true" />
+    </updatesets>
+    <query-defs>
+      <query name="find-by-PK" type="SELECT">
+        <param name="key-id" />
+        <statement><![CDATA[SELECT <FIELDS/>
+        FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="insert" type="INSERT">
+        <statement><![CDATA[INSERT INTO <TABLE/>(<FIELDS/>)
+        VALUES(<VALUES/>)]]></statement>
+      </query>
+      <query name="update-by-PK" type="UPDATE">
+        <param name="key-id" />
+        <statement><![CDATA[UPDATE <TABLE/>
+        SET <FIELDS/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="delete-by-PK" type="DELETE">
+        <param name="key-id" />
+        <statement><![CDATA[DELETE FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+    </query-defs>
+  </entity>
+  <entity name="auth-role" table="auth_role" alias="ar2">
+    <member name="id" field="id" value-type="int" length="10" nullable="false" key="true" auto-increment="true" />
+    <member name="role-name" field="role_name" value-type="String" length="50" nullable="false" />
+    <member name="description" field="description" value-type="String" length="100" />
+    <var name="key-id" value-type="int" key-member="id" />
+    <primary-key name="PRIMARY" members="id" />
+    <readsets>
+      <readset name="FULL" all="true" />
+    </readsets>
+    <updatesets>
+      <updateset name="FULL" all="true" />
+    </updatesets>
+    <query-defs>
+      <query name="find-by-PK" type="SELECT">
+        <param name="key-id" />
+        <statement><![CDATA[SELECT <FIELDS/>
+        FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="insert" type="INSERT">
+        <statement><![CDATA[INSERT INTO <TABLE/>(<FIELDS/>)
+        VALUES(<VALUES/>)]]></statement>
+      </query>
+      <query name="update-by-PK" type="UPDATE">
+        <param name="key-id" />
+        <statement><![CDATA[UPDATE <TABLE/>
+        SET <FIELDS/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="delete-by-PK" type="DELETE">
+        <param name="key-id" />
+        <statement><![CDATA[DELETE FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+    </query-defs>
+  </entity>
+  <entity name="auth-role-group" table="auth_role_group" alias="arg">
+    <member name="id" field="id" value-type="int" length="10" nullable="false" key="true" auto-increment="true" />
+    <member name="role-id" field="role_id" value-type="int" length="10" nullable="false" />
+    <member name="group" field="group" value-type="String" length="50" nullable="false" />
+    <var name="key-id" value-type="int" key-member="id" />
+    <primary-key name="PRIMARY" members="id" />
+    <readsets>
+      <readset name="FULL" all="true" />
+    </readsets>
+    <updatesets>
+      <updateset name="FULL" all="true" />
+    </updatesets>
+    <query-defs>
+      <query name="find-by-PK" type="SELECT">
+        <param name="key-id" />
+        <statement><![CDATA[SELECT <FIELDS/>
+        FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="insert" type="INSERT">
+        <statement><![CDATA[INSERT INTO <TABLE/>(<FIELDS/>)
+        VALUES(<VALUES/>)]]></statement>
+      </query>
+      <query name="update-by-PK" type="UPDATE">
+        <param name="key-id" />
+        <statement><![CDATA[UPDATE <TABLE/>
+        SET <FIELDS/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="delete-by-PK" type="DELETE">
+        <param name="key-id" />
+        <statement><![CDATA[DELETE FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+    </query-defs>
+  </entity>
+  <entity name="auth-role-resource" table="auth_role_resource" alias="arr">
+    <member name="id" field="id" value-type="int" length="10" nullable="false" key="true" auto-increment="true" />
+    <member name="role-id" field="role_id" value-type="int" length="10" nullable="false" />
+    <member name="resource-id" field="resource_id" value-type="int" length="10" nullable="false" />
+    <var name="key-id" value-type="int" key-member="id" />
+    <primary-key name="PRIMARY" members="id" />
+    <readsets>
+      <readset name="FULL" all="true" />
+    </readsets>
+    <updatesets>
+      <updateset name="FULL" all="true" />
+    </updatesets>
+    <query-defs>
+      <query name="find-by-PK" type="SELECT">
+        <param name="key-id" />
+        <statement><![CDATA[SELECT <FIELDS/>
+        FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="insert" type="INSERT">
+        <statement><![CDATA[INSERT INTO <TABLE/>(<FIELDS/>)
+        VALUES(<VALUES/>)]]></statement>
+      </query>
+      <query name="update-by-PK" type="UPDATE">
+        <param name="key-id" />
+        <statement><![CDATA[UPDATE <TABLE/>
+        SET <FIELDS/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+      <query name="delete-by-PK" type="DELETE">
+        <param name="key-id" />
+        <statement><![CDATA[DELETE FROM <TABLE/>
+        WHERE <FIELD name='id'/> = ${key-id}]]></statement>
+      </query>
+    </query-defs>
+  </entity>
+  <entity name="auth-user-role" table="auth_user_role" alias="aur">
+    <member name="user-name" field="user_name" value-type="String" length="50" />
+    <member name="rd-id" field="rd_id" value-type="int" length="10" />
+    <primary-key />
+    <readsets>
+      <readset name="FULL" all="true" />
+    </readsets>
+    <updatesets>
+      <updateset name="FULL" all="true" />
+    </updatesets>
+    <query-defs>
+      <query name="find-by-PK" type="SELECT">
+        <statement><![CDATA[SELECT <FIELDS/>
+        FROM <TABLE/>]]></statement>
+      </query>
+      <query name="insert" type="INSERT">
+        <statement><![CDATA[INSERT INTO <TABLE/>(<FIELDS/>)
+        VALUES(<VALUES/>)]]></statement>
+      </query>
+      <query name="update-by-PK" type="UPDATE">
+        <statement><![CDATA[UPDATE <TABLE/>
+        SET <FIELDS/>]]></statement>
+      </query>
+      <query name="delete-by-PK" type="DELETE">
+        <statement><![CDATA[DELETE FROM <TABLE/>]]></statement>
+      </query>
+    </query-defs>
+  </entity>
  <entity name="build-info" table="build_info" alias="bi">
    <member name="id" field="id" value-type="long" length="19" nullable="false" key="true" auto-increment="true" />
    <member name="name" field="name" value-type="String" length="200" />
--- a/src/main/resources/META-INF/wizard/jdbc/wizard.xml
+++ b/src/main/resources/META-INF/wizard/jdbc/wizard.xml
@ -33,6 +33,11 @@
         <table name="nginx_server"/>
         <table name="conf_app_slb_active"/>
         <table name="dist_lock"/>
+         <table name="auth_resource"/>
+         <table name="auth_role_group"/>
+         <table name="auth_role"/>
+         <table name="auth_role_resource"/>
+         <table name="auth_user_role"/>
      </group>
   </jdbc>
 </wizard>
--- a/src/main/resources/spring-context-security.xml
+++ b/src/main/resources/spring-context-security.xml
@ -0,0 +1,28 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+		  http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		  http://www.springframework.org/schema/security
+		  http://www.springframework.org/schema/security/spring-security.xsd">
+
+    <!-- To allow public access by default and to set authentication mode to basic login/password -->
+    <security:http>
+        <security:anonymous enabled="true"/>
+        <security:http-basic/>
+    </security:http>
+
+    <!-- To delegate authorization to method calls rather than to urls -->
+    <!-- (Thus, we don't need to set any url-interceptor in this conf) -->
+    <security:global-method-security pre-post-annotations="enabled"/>
+
+    <!-- To create user/password with roles -->
+    <security:authentication-manager alias="authenticationManager">
+        <security:authentication-provider>
+            <security:user-service>
+                <security:user authorities="ROLE_DUMMY"
+                               name="user1" password="strongpassword1"/>
+            </security:user-service>
+        </security:authentication-provider>
+    </security:authentication-manager>
+</beans>
--- a/src/test/resources/com/ctrip/zeus/model/auth.xml
+++ b/src/test/resources/com/ctrip/zeus/model/auth.xml
@ -0,0 +1,36 @@
+<auth>
+    <user-roles>
+        <user-name>user1</user-name>
+        <role-groups>
+            <role-group>
+                <role-name>SlbAdmin</role-name>
+                <group-name>slb1</group-name>
+                <description>slb admin</description>
+            </role-group>
+            <role-group>
+                <role-name>AppAdmin</role-name>
+                <group-name>app1</group-name>
+                <description>app admin</description>
+            </role-group>
+            <role-group>
+                <role-name>SuperAdmin</role-name>
+                <group-name>none</group-name>
+                <description>super admin</description>
+            </role-group>
+        </role-groups>
+    </user-roles>
+
+    <resource>
+        <resource-name>createSLB</resource-name>
+        <resource-type>action</resource-type>
+        <description>create slb cluster</description>
+    </resource>
+
+    <resource-roles>
+        <resource/>
+        <roles>
+            <role-name>role1</role-name>
+            <role-name>role1</role-name>
+        </roles>
+    </resource-roles>
+</auth>