Commit49a4a61

Thomasrludomikula
Thomasr
authored andcommitted
Add authorization check to Extension Endpoint
1 parentdd36801 commit49a4a61

2 files changed

+75
-39
lines changed
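--- a/PluginConfiguration.java
+++ b/PluginConfiguration.java
@@ -1,28 +1,18 @@
 package org.lowcoder.api.framework.configuration;
 
-import java.util.ArrayList;
-
 import org.lowcoder.api.framework.plugin.LowcoderPluginManager;
 import org.lowcoder.api.framework.plugin.endpoint.PluginEndpointHandler;
-// Falk: eventually not needed
-import org.lowcoder.api.framework.plugin.security.PluginAuthorizationManager;
-import org.lowcoder.plugin.api.EndpointExtension;
-import org.springframework.aop.Advisor;
-import org.springframework.aop.support.annotation.AnnotationMatchingPointcut;
-import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
-import org.springframework.context.annotation.Role;
-import org.springframework.security.authorization.method.AuthorizationInterceptorsOrder;
-import org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor;
 import org.springframework.web.reactive.function.server.RequestPredicates;
 import org.springframework.web.reactive.function.server.RouterFunction;
 import org.springframework.web.reactive.function.server.RouterFunctions;
 import org.springframework.web.reactive.function.server.ServerResponse;
-
 import reactor.core.publisher.Mono;
 
+import java.util.ArrayList;
+
 @Configuration
 public class PluginConfiguration
 {
@@ -43,15 +33,4 @@ RouterFunction<?> pluginEndpoints(LowcoderPluginManager pluginManager, PluginEnd
 
         return (endpoints == null) ? pluginsList : pluginsList.andOther(endpoints);
     }
-
-    // Falk: eventually not needed
-    @Bean
-    @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-    Advisor protectPluginEndpoints(PluginAuthorizationManager pluginAauthManager)
-    {
-        AnnotationMatchingPointcut pointcut = new AnnotationMatchingPointcut(EndpointExtension.class, true);
-        AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(pointcut, pluginAauthManager);
-        interceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder() - 1);
-        return interceptor;
-    }
 }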
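--- a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/endpoint/PluginEndpointHandlerImpl.java
+++ b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/endpoint/PluginEndpointHandlerImpl.java
@@ -1,5 +1,6 @@
 package org.lowcoder.api.framework.plugin.endpoint;
 
+import static org.lowcoder.sdk.exception.BizError.NOT_AUTHORIZED;
 import static org.springframework.web.reactive.function.server.RequestPredicates.DELETE;
 import static org.springframework.web.reactive.function.server.RequestPredicates.GET;
 import static org.springframework.web.reactive.function.server.RequestPredicates.OPTIONS;
@@ -8,30 +9,42 @@
 import static org.springframework.web.reactive.function.server.RequestPredicates.PUT;
 import static org.springframework.web.reactive.function.server.RouterFunctions.route;
 
+import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
+import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 import org.lowcoder.api.framework.plugin.data.PluginServerRequest;
+import org.lowcoder.api.framework.plugin.security.PluginAuthorizationManager;
 import org.lowcoder.api.framework.plugin.security.SecuredEndpoint;
 import org.lowcoder.plugin.api.EndpointExtension;
 import org.lowcoder.plugin.api.PluginEndpoint;
 import org.lowcoder.plugin.api.data.EndpointRequest;
 import org.lowcoder.plugin.api.data.EndpointResponse;
 import org.lowcoder.sdk.exception.BaseException;
+import org.lowcoder.sdk.exception.BizException;
 import org.springframework.aop.TargetSource;
 import org.springframework.aop.framework.ProxyFactoryBean;
+import org.springframework.aop.framework.ReflectiveMethodInvocation;
 import org.springframework.aop.target.SimpleBeanTargetSource;
 import org.springframework.beans.factory.support.DefaultListableBeanFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 import org.springframework.core.ResolvableType;
 import org.springframework.http.ResponseCookie;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Component;
 import org.springframework.web.reactive.function.server.RequestPredicate;
 import org.springframework.web.reactive.function.server.RouterFunction;
@@ -52,6 +65,7 @@ public class PluginEndpointHandlerImpl implements PluginEndpointHandler
 
     private final ApplicationContext applicationContext;
     private final DefaultListableBeanFactory beanFactory;
+    private final PluginAuthorizationManager pluginAuthorizationManager;
 
     @Override
     public void registerEndpoints(String pluginUrlPrefix, List<PluginEndpoint> endpoints)
@@ -101,26 +115,69 @@ private void registerEndpointHandler(String urlPrefix, PluginEndpoint endpoint,
 
         log.info("Registered endpoint: {} -> {}: {}", endpoint.getClass().getSimpleName(), endpointMeta.method(), urlPrefix + endpointMeta.uri());
     }
-
-    @SecuredEndpoint
+
     public Mono<ServerResponse> runPluginEndpointMethod(PluginEndpoint endpoint, EndpointExtension endpointMeta, Method handler, ServerRequest request)
     {
-        Mono<ServerResponse> result = null;
-        try
-        {
-            log.info("Running plugin endpoint method {}\nRequest: {}", handler.getName(), request);
+        log.info("Running plugin endpoint method {}\nRequest: {}", handler.getName(), request);
 
-            EndpointResponse response = (EndpointResponse) handler.invoke(endpoint, PluginServerRequest.fromServerRequest(request));
-            result = createServerResponse(response);
-        }
-        catch (IllegalAccessException | InvocationTargetException cause)
-        {
-            throw new BaseException("Error running handler for [ " + endpointMeta.method() + ": " + endpointMeta.uri() + "] !");
-        }
-        return result;
+        Mono<Authentication> monoAuthentication = ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication).cache();
+        Mono<AuthorizationDecision> decisionMono = monoAuthentication.flatMap(authentication -> {
+            MethodInvocation methodInvocation = null;
+            try {
+                methodInvocation = getMethodInvocation(endpointMeta, authentication);
+            } catch (NoSuchMethodException e) {
+                return Mono.error(new RuntimeException(e));
+            }
+            return pluginAuthorizationManager.check(monoAuthentication, methodInvocation);
+        });
+
+        return decisionMono.<EndpointResponse>handle((authorizationDecision, sink) -> {
+            if(!authorizationDecision.isGranted()) sink.error(new BizException(NOT_AUTHORIZED, "NOT_AUTHORIZED"));
+            try {
+                sink.next((EndpointResponse) handler.invoke(endpoint, PluginServerRequest.fromServerRequest(request)));
+            } catch (IllegalAccessException | InvocationTargetException e) {
+                sink.error(new RuntimeException(e));
+            }
+        }).flatMap(this::createServerResponse);
     }
-
-
+
+    private static @NotNull MethodInvocation getMethodInvocation(EndpointExtension endpointMeta, Authentication authentication) throws NoSuchMethodException {
+        Method method = Authentication.class.getMethod("isAuthenticated");
+        Object[] arguments = new Object[]{"someString", endpointMeta};
+        return new MethodInvocation() {
+            @NotNull
+            @Override
+            public Method getMethod() {
+                return method;
+            }
+
+            @NotNull
+            @Override
+            public Object[] getArguments() {
+                return arguments;
+            }
+
+            @Nullable
+            @Override
+            public Object proceed() throws Throwable {
+                return null;
+            }
+
+            @Nullable
+            @Override
+            public Object getThis() {
+                return authentication;
+            }
+
+            @NotNull
+            @Override
+            public AccessibleObject getStaticPart() {
+                return null;
+            }
+        };
+    }
+
+
     private void registerRouterFunctionMapping(String endpointName, RouterFunction<ServerResponse> routerFunction)
     {
         String beanName = "pluginEndpoint_" + endpointName + "_" + System.currentTimeMillis();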