feat: 认证事件监听

Author: John-Chan

.gitignore

@@ -15,6 +15,7 @@ bin/
 
 ### IntelliJ IDEA ###
 .idea
+!.idea/copyright/*.xml
 *.iws
 *.iml
 *.ipr

.idea/copyright/power4j_apache_v2.xml

@@ -58,7 +58,7 @@ private String renderMarkdownMsg(ErrorEvent event) {
 
 		// @formatter:off
 
-		final String msgTemplate = "" + StrUtil.CR +
+		final String msgTemplate = "" + StrUtil.CR + StrUtil.CR +
 				"## 请求信息" + StrUtil.CR +
 				"- 时间(UTC): `%s`" + StrUtil.CR +
 				"- 请求ID: `%s`" + StrUtil.CR +
@@ -73,9 +73,15 @@ private String renderMarkdownMsg(ErrorEvent event) {
 				"%s" + StrUtil.CR +
 				"```" + StrUtil.CR;
 
-		return String.format(msgTemplate, DATE_TIME_FORMATTER.format(event.getTimeUtc()), event.getRequestId(),
-				event.getRequestUri(), event.getRequestMethod(), event.getRequestQueryString(), event.getEx(),
-				event.getExMsg(), StrUtil.maxLength(event.getExStack(), 500));
+		return String.format(msgTemplate,
+				DATE_TIME_FORMATTER.format(event.getTimeUtc()),
+				event.getRequestId(),
+				event.getRequestUri(),
+				event.getRequestMethod(),
+				event.getRequestQueryString(),
+				event.getEx(),
+				event.getExMsg(),
+				StrUtil.maxLength(event.getExStack(), 500));
 
 		// @formatter:on
 	}

.idea/copyright/profiles_settings.xml

@@ -55,7 +55,7 @@ logging:
   level:
     org:
       springframework:
-        security: info
+        security: debug
     com:
       power4j:
         flygon:

flygon-admin/src/main/java/com/power4j/flygon/admin/modules/demo/notify/ding/DingMessagePusher.java

@@ -24,7 +24,7 @@ spring:
     dingers:
       # 使用钉钉机器人, 请根据自己机器人配置信息进行修改
       dingtalk:
-        tokenId: ${DING_TALK_TOKEN:4ef4bee34d2b37d40e60b6d9f2abad82062ffa3cdefce1ec87389b63867a902a}
+        tokenId: ${DING_TALK_TOKEN}
         secret: ${DING_TALK_SECRET}
 
 springdoc:
@@ -79,7 +79,7 @@ flygon:
     # 公众号消息通知
     wx-mp:
       enabled: true
-      app-id: ${WX_MP_APPID:wxc6222bd36479c057}
+      app-id: ${WX_MP_APPID}
       secret: ${WX_MP_SECRET}
       subscribers: oiwtWuMNNa6njL3bE7_9ADOKMEWc
   # 自定义验证码产生地址和消费地址

flygon-admin/src/main/resources/application-dev.yml

@@ -21,7 +21,7 @@
 	<property name="log.path" value="logs/${spring.application.name}"/>
 
 	<property name="CONSOLE_LOG_PATTERN"
-			  value="${CONSOLE_LOG_PATTERN:-%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr([%X{requestId:-}]){red} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}"/>
+			  value="${CONSOLE_LOG_PATTERN:-%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr([R %X{requestId:-}]){red} %clr([U %X{accountId:-}]){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}"/>
 	<conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter"/>
 	<conversionRule conversionWord="wex"
 					converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter"/>
@@ -43,7 +43,7 @@
 			<maxHistory>10</maxHistory>
 		</rollingPolicy>
 		<encoder>
-			<pattern>%date [%X{requestId:-}] [%thread] %-5level [%logger{50}] %file:%line - %msg%n</pattern>
+			<pattern>%date [R %X{requestId:-}] [U %X{accountId:-}] [%thread] %-5level [%logger{50}] %file:%line - %msg%n</pattern>
 		</encoder>
 	</appender>
 
@@ -56,7 +56,7 @@
 			<maxHistory>30</maxHistory>
 		</rollingPolicy>
 		<encoder>
-			<pattern>%date [%X{requestId:-}] [%thread] %-5level [%logger{50}] %file:%line - %msg%n</pattern>
+			<pattern>%date [R %X{requestId:-}] [U %X{accountId:-}] [%thread] %-5level [%logger{50}] %file:%line - %msg%n</pattern>
 		</encoder>
 		<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
 			<level>ERROR</level>

flygon-admin/src/main/resources/application.yml

@@ -43,6 +43,14 @@ public Optional<String> getAccountId() {
 		return Optional.ofNullable(getHeaders().getFirst(contextProperties.getHeaderMapping().getAccountId()));
 	}
 
+	public void setRequestId(String val) {
+		getHeaders().set(contextProperties.getHeaderMapping().getRequestId(), val);
+	}
+
+	public void setAccountId(String val) {
+		getHeaders().set(contextProperties.getHeaderMapping().getAccountId(), val);
+	}
+
 	protected HttpHeaders getHeaders() {
 		return ThreadStore.get(REQUEST_CONTEXT_KEY, () -> loadHeader()).get();
 	}

flygon-admin/src/main/resources/logback-spring.xml

@@ -18,11 +18,14 @@
 
 import cn.hutool.core.util.StrUtil;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.power4j.flygon.common.core.context.RequestContext;
 import com.power4j.flygon.common.security.filter.SignInFilter;
 import com.power4j.flygon.common.security.handler.SignInFailureHandler;
 import com.power4j.flygon.common.security.handler.SignInSuccessHandler;
 import com.power4j.flygon.common.security.handler.SignOutHandler;
 import com.power4j.flygon.common.security.handler.SignOutSuccessHandler;
+import com.power4j.flygon.common.security.listener.AuthenticationFailureListener;
+import com.power4j.flygon.common.security.listener.AuthenticationSuccessListener;
 import com.power4j.flygon.common.security.service.PermissionService;
 import com.power4j.flygon.common.security.service.TokenService;
 import com.power4j.flygon.common.security.token.ApiTokenAuthenticationEntryPoint;
@@ -117,6 +120,16 @@ public SignInFilter signInFilter() throws Exception {
 		return filter;
 	}
 
+	@Bean
+	public AuthenticationSuccessListener authenticationSuccessListener(RequestContext requestContext) {
+		return new AuthenticationSuccessListener(requestContext);
+	}
+
+	@Bean
+	public AuthenticationFailureListener authenticationFailureListener() {
+		return new AuthenticationFailureListener();
+	}
+
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) {
 		auth.authenticationProvider(apiTokenAuthenticationProvider());

flygon-common/flygon-common-core/src/main/java/com/power4j/flygon/common/core/context/RequestContext.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2020 ChenJun ([email protected])
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.power4j.flygon.common.security.listener;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ * @author CJ ([email protected])
+ * @date 2021/1/17
+ * @since 1.0
+ */
+public interface AuthenticationFailureHandler {
+
+	/**
+	 * 认证失败回调
+	 * @param authentication
+	 * @param exception
+	 */
+	void handleAuthenticationFailure(Authentication authentication, AuthenticationException exception);
+
+}

flygon-common/flygon-common-security/src/main/java/com/power4j/flygon/common/security/config/WebSecurityConfig.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2020 ChenJun ([email protected])
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.power4j.flygon.common.security.listener;
+
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.context.ApplicationListener;
+import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
+
+/**
+ * @author CJ ([email protected])
+ * @date 2021/1/17
+ * @since 1.0
+ */
+public class AuthenticationFailureListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {
+
+	@Autowired
+	private ObjectProvider<AuthenticationFailureHandler> authenticationFailureHandlerObjectProvider;
+
+	@Override
+	public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
+		authenticationFailureHandlerObjectProvider.stream()
+				.forEach(h -> h.handleAuthenticationFailure(event.getAuthentication(), event.getException()));
+	}
+
+}

flygon-common/flygon-common-security/src/main/java/com/power4j/flygon/common/security/listener/AuthenticationFailureHandler.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2020 ChenJun ([email protected])
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.power4j.flygon.common.security.listener;
+
+import org.springframework.security.core.Authentication;
+
+/**
+ * @author CJ ([email protected])
+ * @date 2021/1/17
+ * @since 1.0
+ */
+public interface AuthenticationSuccessHandler {
+
+	/**
+	 * 认证失败回调
+	 * @param authentication
+	 */
+	void handleAuthenticationSuccess(Authentication authentication);
+
+}

flygon-common/flygon-common-security/src/main/java/com/power4j/flygon/common/security/listener/AuthenticationFailureListener.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright 2020 ChenJun ([email protected])
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.power4j.flygon.common.security.listener;
+
+import com.power4j.flygon.common.core.constant.CommonConstant;
+import com.power4j.flygon.common.core.context.RequestContext;
+import com.power4j.flygon.common.security.LoginUser;
+import com.power4j.flygon.common.security.model.ApiToken;
+import com.power4j.flygon.common.security.token.ApiTokenAuthentication;
+import lombok.RequiredArgsConstructor;
+import org.slf4j.MDC;
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
+
+import java.util.Optional;
+
+/**
+ * @author CJ ([email protected])
+ * @date 2021/1/17
+ * @since 1.0
+ */
+@RequiredArgsConstructor
+public class AuthenticationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {
+
+	private final RequestContext requestContext;
+
+	@Autowired
+	private ObjectProvider<AuthenticationSuccessHandler> authenticationSuccessHandlerObjectProvider;
+
+	@Override
+	public void onApplicationEvent(AuthenticationSuccessEvent event) {
+		Authentication authentication = event.getAuthentication();
+		updateContext(authentication);
+		authenticationSuccessHandlerObjectProvider.stream().forEach(h -> h.handleAuthenticationSuccess(authentication));
+	}
+
+	private void updateContext(Authentication authentication) {
+		String uid = null;
+		if (authentication instanceof LoginUser) {
+			uid = ((LoginUser) authentication).getUid().toString();
+		}
+		else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
+			uid = Optional.ofNullable(authentication.getDetails()).filter(o -> o instanceof ApiToken)
+					.map(o -> ((ApiToken) o).getUuid().toString()).orElse(null);
+		}
+		if (uid != null) {
+			requestContext.setAccountId(uid);
+			MDC.put(CommonConstant.MDC_ACCOUNT_ID, uid);
+		}
+	}
+
+}

flygon-common/flygon-common-security/src/main/java/com/power4j/flygon/common/security/listener/AuthenticationSuccessHandler.java

@@ -18,6 +18,7 @@
 
 import cn.hutool.http.HttpStatus;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.power4j.flygon.common.core.constant.SysErrorCodes;
 import com.power4j.flygon.common.core.model.ApiResponse;
 import com.power4j.flygon.common.core.util.ApiResponseUtil;
 import com.power4j.flygon.common.security.msg.SecurityMessageSource;
@@ -58,7 +59,7 @@ public void commence(HttpServletRequest request, HttpServletResponse response,
 		log.debug("Handling {} : {} {}", authException.getClass().getSimpleName(), authException.getMessage(), reqUrl);
 		response.setCharacterEncoding(StandardCharsets.UTF_8.name());
 		response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-		ApiResponse<Object> result = ApiResponseUtil.fail(authException.getMessage());
+		ApiResponse<Object> result = ApiResponse.of(SysErrorCodes.E_UNAUTHORIZED, authException.getMessage());
 		result.setData(reqUrl);
 
 		if (authException instanceof InsufficientAuthenticationException) {

flygon-common/flygon-common-security/src/main/java/com/power4j/flygon/common/security/listener/AuthenticationSuccessListener.java

@@ -74,6 +74,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 		UserDetails userDetails = userDetailsService.loadUserByUsername(apiToken.getUsername());
 		PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(
 				userDetails, tokenValue, userDetails.getAuthorities());
+		preAuthenticatedAuthenticationToken.setDetails(apiToken);
 		preAuthenticatedAuthenticationToken.setAuthenticated(true);
 		return preAuthenticatedAuthenticationToken;
 	}