Merge pull request #20 from tomsun28/quarkus-sureness

support protect quarkus feature

core/pom.xml

@@ -48,9 +48,10 @@
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <javax.servlet.version>3.1.0</javax.servlet.version>
+        <javax.ws.rs.version>2.1.1</javax.ws.rs.version>
         <jjwt.version>0.9.0</jjwt.version>
         <yaml.version>1.17</yaml.version>
-        <servlet.api.version>3.1.0</servlet.api.version>
         <xml.bind.version>2.3.0</xml.bind.version>
         <slf4j.version>1.7.21</slf4j.version>
         <junit.version>4.12</junit.version>
@@ -60,7 +61,13 @@
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
-            <version>${servlet.api.version}</version>
+            <version>${javax.servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.ws.rs</groupId>
+            <artifactId>javax.ws.rs-api</artifactId>
+            <version>${javax.ws.rs.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>

core/src/main/java/com/usthe/sureness/DefaultSurenessConfig.java

@@ -8,10 +8,15 @@
 import com.usthe.sureness.processor.support.NoneProcessor;
 import com.usthe.sureness.processor.support.PasswordProcessor;
 import com.usthe.sureness.provider.ducument.DocumentResourceDefaultProvider;
+import com.usthe.sureness.subject.SubjectCreate;
 import com.usthe.sureness.subject.SubjectFactory;
 import com.usthe.sureness.subject.SurenessSubjectFactory;
-import com.usthe.sureness.subject.creater.JwtSubjectCreator;
-import com.usthe.sureness.subject.creater.BasicAuthPasswordSubjectCreator;
+import com.usthe.sureness.subject.creater.BasicSubjectJaxRsCreator;
+import com.usthe.sureness.subject.creater.JwtSubjectJaxRsCreator;
+import com.usthe.sureness.subject.creater.JwtSubjectServletCreator;
+import com.usthe.sureness.subject.creater.BasicSubjectServletCreator;
+import com.usthe.sureness.subject.creater.NoneSubjectJaxRsCreator;
+import com.usthe.sureness.subject.creater.NoneSubjectServletCreator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -20,18 +25,26 @@
 import java.util.List;
 
 /** 对用文件做持久层权限资源方式的默认配置
+ * support servlet or jax-rs, default servlet
  * @author tomsun28
  * @date 11:26 2019-05-26
  */
 public class DefaultSurenessConfig {
 
     private static final Logger logger = LoggerFactory.getLogger(DefaultSurenessConfig.class);
 
+    public static final String SUPPORT_SERVLET = "servlet";
+    public static final String SUPPORT_JAX_RS = "jax-rs";
+
     public DefaultSurenessConfig() {
-        this.init();
+        this.init(SUPPORT_SERVLET);
+    }
+
+    public DefaultSurenessConfig(String supportContainer) {
+        this.init(supportContainer);
     }
 
-    private void init() {
+    private void init(String supportContainer) {
         // resource init
         DocumentResourceDefaultProvider resourceProvider = new DocumentResourceDefaultProvider();
         if (logger.isDebugEnabled()) {
@@ -62,9 +75,19 @@ private void init() {
 
         // SubjectFactory init
         SubjectFactory subjectFactory = new SurenessSubjectFactory();
-        subjectFactory.registerSubjectCreator(Arrays.asList(
-                new BasicAuthPasswordSubjectCreator(),
-                new JwtSubjectCreator()));
+        List<SubjectCreate> subjectCreates;
+        if (SUPPORT_JAX_RS.equals(supportContainer)) {
+            subjectCreates = Arrays.asList(
+                    new NoneSubjectJaxRsCreator(),
+                    new BasicSubjectJaxRsCreator(),
+                    new JwtSubjectJaxRsCreator());
+        } else {
+            subjectCreates = Arrays.asList(
+                    new NoneSubjectServletCreator(),
+                    new BasicSubjectServletCreator(),
+                    new JwtSubjectServletCreator());
+        }
+        subjectFactory.registerSubjectCreator(subjectCreates);
         if (logger.isDebugEnabled()) {
             logger.debug("SurenessSubjectFactory init");
         }

core/src/main/java/com/usthe/sureness/matcher/DefaultPathRoleMatcher.java

@@ -6,7 +6,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Set;
@@ -110,12 +109,9 @@ public void rebuildTree() {
     }
 
     @Override
-    public boolean isExcludedResource(Object request) {
+    public boolean isExcludedResource(Subject request) {
         checkComponentInit();
-        String requestUri = ((HttpServletRequest) request).getRequestURI();
-        String requestType = ((HttpServletRequest) request).getMethod();
-        String targetUri = requestUri.concat("===").concat(requestType).toLowerCase();
-        String exclude = excludeRoot.searchPathFilterRoles(targetUri);
+        String exclude = excludeRoot.searchPathFilterRoles((String) request.getTargetResource());
         return exclude != null && exclude.equals(EXCLUDE_ROLE);
     }
 

core/src/main/java/com/usthe/sureness/matcher/TreePathRoleMatcher.java

@@ -37,5 +37,5 @@ public interface TreePathRoleMatcher {
      * @param request 请求内容
      * @return 是排除资源true 否则false
      */
-    boolean isExcludedResource(Object request);
+    boolean isExcludedResource(Subject request);
 }

core/src/main/java/com/usthe/sureness/mgt/SurenessSecurityManager.java

@@ -57,18 +57,18 @@ private void checkComponentInit() {
 
     @Override
     public SubjectSum checkIn(Subject token) throws BaseSurenessException {
+        // 判断请求资源是否是配置的排除过滤资源
+        // 若是直接通行,返回NULL不抛异常
+        if (pathRoleMatcher.isExcludedResource(token)) {
+            return null;
+        }
         pathRoleMatcher.matchRole(token);
         return processorManager.process(token);
     }
 
     @Override
     public SubjectSum checkIn(Object var1) throws BaseSurenessException {
         checkComponentInit();
-        // 判断请求资源是否是配置的排除过滤资源
-        // 若是直接通行,返回NULL不抛异常
-        if (pathRoleMatcher.isExcludedResource(var1)) {
-            return null;
-        }
 
         // 创建subject list去一次一次认证鉴权尝试
         List<Subject> subjectList = createSubject(var1);

core/src/main/java/com/usthe/sureness/processor/support/NoneProcessor.java

@@ -4,6 +4,7 @@
 import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
 import com.usthe.sureness.processor.exception.SurenessAuthorizationException;
 import com.usthe.sureness.processor.exception.UnauthorizedException;
+import com.usthe.sureness.processor.exception.UnknownAccountException;
 import com.usthe.sureness.subject.Subject;
 import com.usthe.sureness.subject.support.NoneSubject;
 import org.slf4j.Logger;
@@ -32,7 +33,7 @@ public Class<?> getSupportAuTokenClass() {
 
     @Override
     public Subject authenticated(Subject var) throws SurenessAuthenticationException {
-        return var;
+        throw new UnknownAccountException("the request do not have the auth detail, please input your auth");
     }
 
     @SuppressWarnings("unchecked")
@@ -43,7 +44,7 @@ public void authorized(Subject var) throws SurenessAuthorizationException {
             if (logger.isDebugEnabled()) {
                 logger.debug("NoneProcessor authorized fail, due {} need role access", var.getTargetResource());
             }
-            throw new UnauthorizedException("do not have the role access");
+            throw new UnauthorizedException("authorized forbidden, the request do not have the role access");
         }
     }
 }

core/src/main/java/com/usthe/sureness/subject/creater/BasicSubjectJaxRsCreator.java

@@ -0,0 +1,67 @@
+package com.usthe.sureness.subject.creater;
+
+import com.usthe.sureness.subject.Subject;
+import com.usthe.sureness.subject.SubjectCreate;
+import com.usthe.sureness.subject.support.PasswordSubject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
+/**
+ * 支持通过basic auth 创建PasswordSubject 的创建者
+ * only support JAX-RS
+ * @author tomsun28
+ * @date 23:53 2020-09-20
+ */
+public class BasicSubjectJaxRsCreator implements SubjectCreate {
+
+    private static final Logger logger = LoggerFactory.getLogger(BasicSubjectJaxRsCreator.class);
+
+    private static final String AUTHORIZATION = "Authorization";
+    private static final String BASIC = "Basic";
+    private static final int COUNT_2 = 2;
+
+    @Override
+    public boolean canSupportSubject(Object context) {
+        // basic auth判断
+        // ("Authorization", "Basic YWRtaW46YWRtaW4=")        --- basic auth
+        if (context instanceof ContainerRequestContext) {
+            String authorization = ((ContainerRequestContext)context).getHeaderString(AUTHORIZATION);
+            return authorization != null && authorization.startsWith(BASIC);
+        } else {
+            return false;
+        }
+    }
+
+    @Override
+    public Subject createSubject(Object context) {
+        String authorization = ((ContainerRequestContext)context).getHeaderString(AUTHORIZATION);
+        //basic auth
+        String basicAuth = authorization.replace(BASIC, "").trim();
+        basicAuth = new String(Base64.getDecoder().decode(basicAuth), StandardCharsets.UTF_8);
+        String[] auth = basicAuth.split(":");
+        if (auth.length != COUNT_2) {
+            if (logger.isInfoEnabled()) {
+                logger.info("can not create basic auth PasswordSubject by this request message");
+            }
+            return null;
+        }
+        String username = auth[0];
+        if (username == null || "".equals(username)) {
+            if (logger.isInfoEnabled()) {
+                logger.info("can not create basic auth PasswordSubject by this request message, appId can not null");
+            }
+            return null;
+        }
+        String password = auth[1];
+        String requestUri = ((ContainerRequestContext) context).getUriInfo().getPath();
+        String requestType = ((ContainerRequestContext) context).getMethod();
+        String targetUri = requestUri.concat("===").concat(requestType).toLowerCase();
+        return PasswordSubject.builder(username, password)
+                .setTargetResource(targetUri)
+                .build();
+    }
+}

core/src/main/java/com/usthe/sureness/subject/creater/BasicAuthPasswordSubjectCreator.java → core/src/main/java/com/usthe/sureness/subject/creater/BasicSubjectServletCreator.java

@@ -12,12 +12,13 @@
 
 /**
  * 支持通过basic auth 创建PasswordSubject 的创建者
+ * only support HttpServletRequest
  * @author tomsun28
  * @date 23:53 2020-02-27
  */
-public class BasicAuthPasswordSubjectCreator implements SubjectCreate {
+public class BasicSubjectServletCreator implements SubjectCreate {
 
-    private static final Logger logger = LoggerFactory.getLogger(BasicAuthPasswordSubjectCreator.class);
+    private static final Logger logger = LoggerFactory.getLogger(BasicSubjectServletCreator.class);
 
     private static final String AUTHORIZATION = "Authorization";
     private static final String BASIC = "Basic";

core/src/main/java/com/usthe/sureness/subject/creater/JwtSubjectJaxRsCreator.java

@@ -0,0 +1,64 @@
+package com.usthe.sureness.subject.creater;
+
+import com.usthe.sureness.subject.Subject;
+import com.usthe.sureness.subject.SubjectCreate;
+import com.usthe.sureness.subject.support.JwtSubject;
+import com.usthe.sureness.util.JsonWebTokenUtil;
+import com.usthe.sureness.util.SurenessCommonUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.container.ContainerRequestContext;
+
+
+/**
+ * JwtSubject creator
+ * only support JAX-RS
+ * @author tomsun28
+ * @date 23:58 2020-02-27
+ */
+public class JwtSubjectJaxRsCreator implements SubjectCreate {
+
+    private static final Logger logger = LoggerFactory.getLogger(JwtSubjectJaxRsCreator.class);
+
+    private static final String BEARER = "Bearer";
+    private static final String AUTHORIZATION = "Authorization";
+
+    @Override
+    public boolean canSupportSubject(Object context) {
+        // support bearer jwt
+        // ("Authorization", "Bearer eyJhbGciOiJIUzUxMi...")  --- jwt auth
+        if (context instanceof ContainerRequestContext) {
+            String authorization = ((ContainerRequestContext)context).getHeaderString(AUTHORIZATION);
+            if (authorization != null && authorization.startsWith(BEARER)) {
+                String jwtValue = authorization.replace(BEARER, "").trim();
+                return !JsonWebTokenUtil.isNotJsonWebToken(jwtValue);
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public Subject createSubject(Object context) {
+        String authorization = ((ContainerRequestContext)context).getHeaderString(AUTHORIZATION);
+        if (authorization != null && authorization.startsWith(BEARER)) {
+            // jwt token
+            String jwtValue = authorization.replace(BEARER, "").trim();
+            if (JsonWebTokenUtil.isNotJsonWebToken(jwtValue)) {
+                if (logger.isInfoEnabled()) {
+                    logger.info("can not create JwtSubject by this request message, is not jwt");
+                }
+                return null;
+            }
+            String requestUri = ((ContainerRequestContext) context).getUriInfo().getPath();
+            String requestType = ((ContainerRequestContext) context).getMethod();
+            String targetUri = requestUri.concat("===").concat(requestType.toLowerCase());
+            String userAgent = SurenessCommonUtil.findUserAgent((ContainerRequestContext) context);
+            return JwtSubject.builder(jwtValue)
+                    .setTargetResource(targetUri)
+                    .setUserAgent(userAgent)
+                    .build();
+        }
+        return null;
+    }
+}

core/src/main/java/com/usthe/sureness/subject/creater/JwtSubjectCreator.java → core/src/main/java/com/usthe/sureness/subject/creater/JwtSubjectServletCreator.java

@@ -12,12 +12,13 @@
 
 /**
  * JwtSubject creator
+ * only support HttpServletRequest
  * @author tomsun28
  * @date 23:58 2020-02-27
  */
-public class JwtSubjectCreator implements SubjectCreate {
+public class JwtSubjectServletCreator implements SubjectCreate {
 
-    private static final Logger logger = LoggerFactory.getLogger(JwtSubjectCreator.class);
+    private static final Logger logger = LoggerFactory.getLogger(JwtSubjectServletCreator.class);
 
     private static final String BEARER = "Bearer";
     private static final String AUTHORIZATION = "Authorization";

core/src/main/java/com/usthe/sureness/subject/creater/NoneSubjectJaxRsCreator.java

@@ -0,0 +1,33 @@
+package com.usthe.sureness.subject.creater;
+
+import com.usthe.sureness.subject.Subject;
+import com.usthe.sureness.subject.SubjectCreate;
+import com.usthe.sureness.subject.support.NoneSubject;
+import com.usthe.sureness.util.SurenessCommonUtil;
+
+import javax.ws.rs.container.ContainerRequestContext;
+
+/**
+ * 无认证信息的subject creator
+ * 所有请求都能创建出一个NoneSubject
+ * only support JAX-RS
+ * @author tomsun28
+ * @date 15:55 2020-02-28
+ */
+public class NoneSubjectJaxRsCreator implements SubjectCreate {
+    @Override
+    public boolean canSupportSubject(Object context) {
+        return context instanceof ContainerRequestContext;
+    }
+
+    @Override
+    public Subject createSubject(Object context) {
+        String requestUri = ((ContainerRequestContext) context).getUriInfo().getPath();
+        String requestType = ((ContainerRequestContext) context).getMethod();
+        String targetUri = requestUri.concat("===").concat(requestType).toLowerCase();
+        String userAgent = SurenessCommonUtil.findUserAgent((ContainerRequestContext) context);
+        return NoneSubject.builder()
+                .setTargetUri(targetUri)
+                .setUserAgent(userAgent).build();
+    }
+}

core/src/main/java/com/usthe/sureness/subject/creater/NoneSubjectCreator.java → core/src/main/java/com/usthe/sureness/subject/creater/NoneSubjectServletCreator.java

@@ -10,13 +10,14 @@
 /**
  * 无认证信息的subject creator
  * 所有请求都能创建出一个NoneSubject
+ * only support HttpServletRequest
  * @author tomsun28
  * @date 15:55 2020-02-28
  */
-public class NoneSubjectCreator implements SubjectCreate {
+public class NoneSubjectServletCreator implements SubjectCreate {
     @Override
     public boolean canSupportSubject(Object context) {
-        return true;
+        return context instanceof HttpServletRequest;
     }
 
     @Override