多模块重构 12：【新增】Spring Security 新增 AuthorizeRequestsCustomizer 抽象类，自定义每个 Maven Module 的 URL 的安全配置

2025-07-23 23:45:08 +08:00 · 2022-02-04 01:36:27 +08:00
parent 4890cf05de
commit c2ccfa3bd6
33 changed files with 212 additions and 137 deletions
--- a/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/admin/package-info.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/admin/package-info.java
@ -0,0 +1,4 @@
+/**
+ * 占位
+ */
+package cn.iocoder.yudao.module.shop.controller.admin;
--- a/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/app/AppShopOrderController.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/app/AppShopOrderController.java
@ -0,0 +1,74 @@
+package cn.iocoder.yudao.module.shop.controller.app;
+
+import cn.iocoder.yudao.framework.common.pojo.CommonResult;
+import cn.iocoder.yudao.framework.common.util.date.DateUtils;
+import cn.iocoder.yudao.module.pay.service.notify.vo.PayNotifyOrderReqVO;
+import cn.iocoder.yudao.module.pay.service.notify.vo.PayRefundOrderReqVO;
+import cn.iocoder.yudao.module.pay.service.order.PayOrderService;
+import cn.iocoder.yudao.module.pay.service.order.dto.PayOrderCreateReqDTO;
+import cn.iocoder.yudao.module.pay.util.PaySeqUtils;
+import cn.iocoder.yudao.module.shop.controller.app.vo.AppShopOrderCreateRespVO;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+import javax.validation.Valid;
+import java.time.Duration;
+
+import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
+import static cn.iocoder.yudao.framework.common.util.servlet.ServletUtils.getClientIP;
+
+@Api(tags = "用户 APP - 商城订单")
+@RestController
+@RequestMapping("/shop/order")
+@Validated
+@Slf4j
+public class AppShopOrderController {
+
+    @Resource
+    private PayOrderService payOrderService;
+
+    @PostMapping("/create")
+    @ApiOperation("创建商城订单")
+//    @PreAuthenticated // TODO 暂时不加登陆验证，前端暂时没做好
+    public CommonResult<AppShopOrderCreateRespVO> create() {
+        // 假装创建商城订单
+        Long shopOrderId = System.currentTimeMillis();
+
+        // 创建对应的支付订单
+        PayOrderCreateReqDTO reqDTO = new PayOrderCreateReqDTO();
+        reqDTO.setAppId(6L);
+        reqDTO.setUserIp(getClientIP());
+        reqDTO.setMerchantOrderId(PaySeqUtils.genMerchantOrderNo());
+        reqDTO.setSubject("标题：" + shopOrderId);
+        reqDTO.setBody("内容：" + shopOrderId);
+        reqDTO.setAmount(200); // 单位：分
+        reqDTO.setExpireTime(DateUtils.addTime(Duration.ofDays(1)));
+        Long payOrderId = payOrderService.createPayOrder(reqDTO);
+
+        // 拼接返回
+        return success(AppShopOrderCreateRespVO.builder().id(shopOrderId)
+                .payOrderId(payOrderId).build());
+    }
+
+    @PostMapping("/pay-notify")
+    @ApiOperation("支付回调")
+    public CommonResult<Boolean> payNotify(@RequestBody @Valid PayNotifyOrderReqVO reqVO) {
+        log.info("[payNotify][回调成功]");
+        return success(true);
+    }
+
+    @PostMapping("/refund-notify")
+    @ApiOperation("退款回调")
+    public CommonResult<Boolean> refundNotify(@RequestBody @Valid PayRefundOrderReqVO reqVO) {
+        log.info("[refundNotify][回调成功]");
+        return success(true);
+    }
+
+}
--- a/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/app/vo/AppShopOrderCreateRespVO.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/controller/app/vo/AppShopOrderCreateRespVO.java
@ -0,0 +1,21 @@
+package cn.iocoder.yudao.module.shop.controller.app.vo;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+
+@ApiModel("用户 APP - 商城订单创建 Response VO")
+@Data
+@Builder
+@AllArgsConstructor
+public class AppShopOrderCreateRespVO {
+
+    @ApiModelProperty(value = "商城订单编号", required = true, example = "1024")
+    private Long id;
+
+    @ApiModelProperty(value = "支付订单编号", required = true, example = "2048")
+    private Long payOrderId;
+
+}
--- a/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/package-info.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/module/shop/package-info.java
@ -0,0 +1,9 @@
+/**
+ * shop 包下，我们放商城业务
+ * 例如说：商品、订单等等
+ * 注意，目前仅仅作为 demo 演示，对接 pay 支付系统
+ *
+ * 缩写：shop
+ */
+// TODO 芋艿：后续会迁移到 yudao-module-mall-trade 下
+package cn.iocoder.yudao.module.shop;
--- a/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/monitor/config/AdminServerConfiguration.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/monitor/config/AdminServerConfiguration.java
@ -1,9 +0,0 @@
-package cn.iocoder.yudao.server.framework.monitor.config;
-
-import de.codecentric.boot.admin.server.config.EnableAdminServer;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-@EnableAdminServer
-public class AdminServerConfiguration {
-}
--- a/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/monitor/package-info.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/monitor/package-info.java
@ -1,4 +0,0 @@
-/**
- * 使用 Spring Boot Admin 实现简单的监控平台
- */
-package cn.iocoder.yudao.server.framework.monitor;
--- a/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/monitor/《芋道
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/monitor/《芋道
@ -1 +0,0 @@
-<http://www.iocoder.cn/Spring-Boot/Admin/?yudao>
--- a/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/security/SecurityConfiguration.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/server/framework/security/SecurityConfiguration.java
@ -1,50 +0,0 @@
-package cn.iocoder.yudao.server.framework.security;
-
-import cn.iocoder.yudao.framework.web.config.WebProperties;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
-
-import javax.annotation.Resource;
-
-@Configuration
-public class SecurityConfiguration {
-
-    @Resource
-    private WebProperties webProperties;
-
-    @Value("${spring.boot.admin.context-path:''}")
-    private String adminSeverContextPath;
-
-    @Bean
-    public Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer() {
-        return registry -> {
-            // 验证码的接口
-            registry.antMatchers(buildAdminApi("/system/captcha/**")).anonymous();
-            // 获得租户编号的接口
-            registry.antMatchers(buildAdminApi("/system/tenant/get-id-by-name")).anonymous();
-            // Spring Boot Admin Server 的安全配置
-            registry.antMatchers(adminSeverContextPath).anonymous()
-                    .antMatchers(adminSeverContextPath + "/**").anonymous();
-            // 短信回调 API
-            registry.antMatchers(buildAdminApi("/system/sms/callback/**")).anonymous();
-
-            // 设置 App API 无需认证
-            registry.antMatchers(buildAppApi("/**")).permitAll();
-        };
-    }
-
-    private String buildAdminApi(String url) {
-        // TODO 芋艿：多模块
-        return webProperties.getAdminApi().getPrefix() + url;
-    }
-
-    private String buildAppApi(String url) {
-        // TODO 芋艿：多模块
-        return webProperties.getAppApi().getPrefix() + url;
-    }
-
-}
				`@ -1 +0,0 @@`
				`<http://www.iocoder.cn/Spring-Boot/Admin/?yudao>`