From 17235e0d2c5db65506c5cee5dd6b9a52e753bb16 Mon Sep 17 00:00:00 2001 From: click33 <2393584716@qq.com> Date: Mon, 11 Oct 2021 23:44:34 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +++ .../java/com/pj/current/NotFoundHandle.java | 2 -- .../java/com/pj/satoken/SaTokenConfigure.java | 9 +++---- sa-token-doc/doc/micro/gateway-auth.md | 12 ++++----- sa-token-doc/doc/micro/id-token.md | 2 +- sa-token-doc/doc/more/update-log.md | 25 +++++++++++++++++++ sa-token-doc/doc/sso/sso-custom-login.md | 4 +-- sa-token-doc/doc/start/webflux-example.md | 2 +- sa-token-doc/doc/up/basic-auth.md | 2 +- sa-token-doc/doc/up/global-filter.md | 2 +- 10 files changed, 45 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index a2d9559e..4b41f21c 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,10 @@ - 我们将会尽力讲解每个功能的设计原因、应用场景,用心阅读文档,你学习到的将不止是 `Sa-Token` 框架本身,更是绝大多数场景下权限设计的最佳实践。 +- 注:学习测试请拉取 master 分支,dev 为正在开发的分支,有很多特性并不稳定。 + +- 开源不易,点个 star 鼓励一下吧! + ## Sa-Token 介绍 **Sa-Token** 是一个轻量级 Java 权限认证框架,主要解决:**`登录认证`**、**`权限认证`**、**`Session会话`**、**`单点登录`**、**`OAuth2.0`**、**`微服务网关鉴权`** diff --git a/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/current/NotFoundHandle.java b/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/current/NotFoundHandle.java index 3e8e46eb..9aa99809 100644 --- a/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/current/NotFoundHandle.java +++ b/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/current/NotFoundHandle.java @@ -25,8 +25,6 @@ public class NotFoundHandle implements ErrorController { @RequestMapping("/error") public Object error(HttpServletRequest request, HttpServletResponse response) throws IOException { -// response.sendError(200); - System.out.println("--------------------大闸蟹"); response.setStatus(200); return SaResult.get(404, "not found", null); } 
diff --git a/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/satoken/SaTokenConfigure.java b/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/satoken/SaTokenConfigure.java index 9113aaf0..5f3212e7 100644 --- a/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/satoken/SaTokenConfigure.java +++ b/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/satoken/SaTokenConfigure.java @@ -22,7 +22,7 @@ import cn.dev33.satoken.strategy.SaStrategy; */ @Configuration public class SaTokenConfigure implements WebMvcConfigurer { - + /** * 注册Sa-Token 的拦截器,打开注解式鉴权功能 */ @@ -43,10 +43,9 @@ public class SaTokenConfigure implements WebMvcConfigurer { .addInclude("/**")// .addExclude("/favicon.ico") // 认证函数: 每次请求执行 - .setAuth(r -> { - // System.out.println("---------- sa全局认证"); - - // SaRouter.match("/test/test", () -> new Object()); + .setAuth(obj -> { + // System.out.println("---------- sa全局认证 " + SaHolder.getRequest().getRequestPath()); + }) // 异常处理函数:每次认证函数发生异常时执行此函数 diff --git a/sa-token-doc/doc/micro/gateway-auth.md b/sa-token-doc/doc/micro/gateway-auth.md index c60239f1..9f367eb6 100644 --- a/sa-token-doc/doc/micro/gateway-auth.md +++ b/sa-token-doc/doc/micro/gateway-auth.md 
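Review bot: In the second SaTokenConfigure.java hunk the `setAuth(obj -> { ... })` body now holds only a commented-out `System.out.println`, so the filter registered with `.addInclude("/**")` performs no check, and nothing in the file says this is intentional. Because this is the demo configuration that readers tend to copy, I would replace the dead debug line with an explanatory comment such as `// demo only: no checks run here; add rules like SaRouter.match("/**", "/user/doLogin", r -> StpUtil.checkLogin()) before relying on this filter`. If the println is kept for debugging, note that it references `SaHolder`, whose import is not visible in this hunk, so uncommenting it may not compile as is. The enclosing method starts and ends outside the hunk, so the rest of the filter chain could not be checked.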
@@ -82,15 +82,15 @@ public class SaTokenConfigure { // 开放地址 .addExclude("/favicon.ico") // 鉴权方法:每次访问进入 - .setAuth(r -> { + .setAuth(obj -> { // 登录验证 -- 拦截所有路由,并排除/user/doLogin 用于开放登录 - SaRouter.match("/**", "/user/doLogin", () -> StpUtil.checkLogin()); + SaRouter.match("/**", "/user/doLogin", r -> StpUtil.checkLogin()); // 权限认证 -- 不同模块, 校验不同权限 - SaRouter.match("/user/**", () -> StpUtil.checkPermission("user")); - SaRouter.match("/admin/**", () -> StpUtil.checkPermission("admin")); - SaRouter.match("/goods/**", () -> StpUtil.checkPermission("goods")); - SaRouter.match("/orders/**", () -> StpUtil.checkPermission("orders")); + SaRouter.match("/user/**", r -> StpUtil.checkPermission("user")); + SaRouter.match("/admin/**", r -> StpUtil.checkPermission("admin")); + SaRouter.match("/goods/**", r -> StpUtil.checkPermission("goods")); + SaRouter.match("/orders/**", r -> StpUtil.checkPermission("orders")); // ... }) diff --git a/sa-token-doc/doc/micro/id-token.md b/sa-token-doc/doc/micro/id-token.md index 68523ce1..a55f9437 100644 --- a/sa-token-doc/doc/micro/id-token.md +++ b/sa-token-doc/doc/micro/id-token.md @@ -102,7 +102,7 @@ public class SaTokenConfigure implements WebMvcConfigurer { return new SaServletFilter() .addInclude("/**") .addExclude("/favicon.ico") - .setAuth(r -> { + .setAuth(obj -> { // 校验 Id-Token 身份凭证 —— 以下两句代码可简化为:SaIdUtil.checkCurrentRequestToken(); String token = SaHolder.getRequest().getHeader(SaIdUtil.ID_TOKEN); SaIdUtil.checkToken(token); diff --git a/sa-token-doc/doc/more/update-log.md b/sa-token-doc/doc/more/update-log.md index d2824962..f51d1ec8 100644 --- a/sa-token-doc/doc/more/update-log.md +++ b/sa-token-doc/doc/more/update-log.md 
@@ -1,6 +1,31 @@ # 更新日志 +### 2021-10-11 @v1.27.0 +- 升级:增强 SaRouter 链式匹配能力 **[重要]** +- 新增:新增插件 Thymeleaf 标签方言 **[重要]** +- 新增:@SaCheckPermission 增加 orRole 字段,用于权限角色“双重or”匹配 **[重要]** +- 升级:Cookie模式增加 `secure`、`httpOnly`、`sameSite`等属性的配置 **[重要]** +- 重构:重构SSO三种模式,抽离出统一的认证中心 **[重要]** +- 新增:新增 SaStrategy 策略类,方便内部逻辑按需重写 **[重要]** +- 新增:临时认证模块新增 deleteToken 方法用于回收 Token +- 新增:新增 kickout、replaced 等注销会话的方法,更灵活的控制会话周期 **[重要]** +- 新增:权限认证增加API:`StpUtil.hasPermissionAnd`、`StpUtil.hasPermissionOr` +- 新增:角色认证增加API:`StpUtil.hasRoleAnd`、`StpUtil.hasRoleOr` +- 新增:新增 `StpUtil.getRoleList()` 和 `StpUtil.getPermissionList()` 方法 +- 新增:新增 StpLogic 自动注入特性,可快速方便的扩展 StpLogic 对象 +- 优化:优化同端互斥登录逻辑,如果登录时没有指定设备标识,则默认顶替所有设备下线 +- 优化:在未登录时调用 hasRole 和 hasPermission 不再抛出异常,而是返回false +- 升级:升级注解鉴权算法,并提供更简单的重写方式 +- 文档:新增常见报错排查,方便快速排查异常报错 +- 文档:文档新增SSO单点登录与OAuth2技术选型对比 +- 破坏式更新: + - [向下兼容] 废弃 SaTokenAction 接口,替代方案: SaStrategy + - [向下兼容] 移除 `StpUtil.logoutByLoginId()` 更换为 `StpUtil.kickout()`; + - [不向下兼容] 侦听器 doLogoutByLoginId 与 doReplaced 方法移除 device 参数 + - [不向下兼容] 侦听器 doLogoutByLoginId 方法重命名为 doKickout + + ### 2021-9-2 @v1.26.0 - 优化:优化单点登录文档 - 新增:新增 `Http Basic` 认证 **[重要]** diff --git a/sa-token-doc/doc/sso/sso-custom-login.md b/sa-token-doc/doc/sso/sso-custom-login.md index 91e35eaf..5905c488 100644 --- a/sa-token-doc/doc/sso/sso-custom-login.md +++ b/sa-token-doc/doc/sso/sso-custom-login.md @@ -24,7 +24,7 @@ public class SaTokenConfigure implements WebMvcConfigurer { return new SaServletFilter() .addInclude("/**") .addExclude("/sso/*", "/favicon.ico") - .setAuth(r -> { + .setAuth(obj -> { if(StpUtil.isLogin() == false) { String back = SaFoxUtil.joinParam(SaHolder.getRequest().getUrl(), SpringMVCUtil.getRequest().getQueryString()); SaHolder.getResponse().redirect("/sso/login?back=" + SaFoxUtil.encodeUrl(back)); 
@@ -50,7 +50,7 @@ public class SaTokenConfigure implements WebMvcConfigurer { return new SaServletFilter() .addInclude("/**") .addExclude("/sso/*", "/favicon.ico") - .setAuth(r -> { + .setAuth(obj -> { if(StpUtil.isLogin() == false) { // 与前端约定好,code=401时代表会话未登录 SaRouter.back(SaResult.ok().setCode(401)); diff --git a/sa-token-doc/doc/start/webflux-example.md b/sa-token-doc/doc/start/webflux-example.md index d5bbfa24..77136c84 100644 --- a/sa-token-doc/doc/start/webflux-example.md +++ b/sa-token-doc/doc/start/webflux-example.md @@ -58,7 +58,7 @@ public class SaTokenConfigure { // 指定 [放行路由] .addExclude("/favicon.ico") // 指定[认证函数]: 每次请求执行 - .setAuth(r -> { + .setAuth(obj -> { System.out.println("---------- sa全局认证"); // SaRouter.match("/test/test", () -> StpUtil.checkLogin()); }) diff --git a/sa-token-doc/doc/up/basic-auth.md b/sa-token-doc/doc/up/basic-auth.md index ad4fe34b..2d2ab2e7 100644 --- a/sa-token-doc/doc/up/basic-auth.md +++ b/sa-token-doc/doc/up/basic-auth.md @@ -49,7 +49,7 @@ public SaResult test3() { public SaServletFilter getSaServletFilter() { return new SaServletFilter() .addInclude("/**").addExclude("/favicon.ico") - .setAuth(r -> { + .setAuth(obj -> { SaRouter.match("/test/**", () -> SaBasicUtil.check("sa:123456")); }); } diff --git a/sa-token-doc/doc/up/global-filter.md b/sa-token-doc/doc/up/global-filter.md index b5087a5e..3e4d4d1e 100644 --- a/sa-token-doc/doc/up/global-filter.md +++ b/sa-token-doc/doc/up/global-filter.md @@ -39,7 +39,7 @@ public class SaTokenConfigure { .addInclude("/**").addExclude("/favicon.ico") // 认证函数: 每次请求执行 - .setAuth(r -> { + .setAuth(obj -> { System.out.println("---------- 进入Sa-Token全局认证 -----------"); // 登录验证 -- 拦截所有路由,并排除/user/doLogin 用于开放登录